
,

!
?
:
: 07.11.2012
, . .
, ,
. .
, , . .
, ! .
- , !
? . .
, , Tor.
" ". ,
, .
, , .
, .
! , ,
.
, TOR , .
, . -
- .
, .
, ip- .
, .
, . , , "
- ?".
TOR . ,
memset(). Epic Fail. memset(),
.
, TOR:
/* Excerpt from Tor as quoted in the article; the parameter list and most of
 * the body are elided ("....") by the author, so this is not compilable. */
int
crypto_pk_private_sign_digest(....)
{

/* Local buffer holding private key-derived material (DIGEST_LEN bytes). */
char digest[DIGEST_LEN];
....
/* Nothing in the excerpt reads 'digest' after this call, so an optimizing
 * compiler is free to treat the memset() as a dead store and drop it --
 * this is the PVS-Studio V597 situation the article describes, with the
 * "/O2" Visual C++ 2010 build named as the case observed. The diagnostic
 * recommends a call the compiler cannot elide, RtlSecureZeroMemory(). */
memset(digest, 0, sizeof(digest));
return r;
}
. 'digest'. . , .
. memset(). ,
'digest' .
. .
.
, , . ,
memset(). Visual C++ 2010
"/O2".
,
RtlSecureZeroMemory().
.
, . . .
? , , -
. , . . ,
. , .
, PVS-Studio "V597 The compiler could
delete the 'memset' function call, which is used to flush '...' buffer. The RtlSecureZeroMemory() function
should be used to erase the private data":

crypto.c 1015
crypto.c 1605
crypto.c 2233
crypto.c 2323
tortls.c 2453
connection_or.c 1798
connection_or.c 2128
onion.c 295
onion.c 384
onion.c 429
rendclient.c 320
rendclient.c 321
rendclient.c 699
rendclient.c 942

rendclient.c 1284
rendclient.c 1285
rendservice.c 705
rendservice.c 900
rendservice.c 903
rendservice.c 904
rendservice.c 905
rendservice.c 906
rendservice.c 1409
rendservice.c 1410
rendservice.c 1411
rendservice.c 1412
rendservice.c 1413
rendservice.c 1414
rendservice.c 1415
rendservice.c 2078
rendservice.c 2079
rendservice.c 2080
rendservice.c 2516
rendservice.c 2517
rendservice.c 2518
rendservice.c 2668
rendservice.c 2669
rendservice.c 2670
tor-gencert.c 108

. ,
, . ,
, memset()!? , .
TOR. .
. TOR? , OpenSSL.
SSL/TLS. ,
OpenSSL.
OpenSSL , memset() .
, . :
/* Mixing state carried across calls: every cleanse starts from the value
 * the previous one left behind and writes its final value back here. */
unsigned char cleanse_ctr = 0;

/*
 * Overwrite len bytes at ptr with an address-dependent byte pattern, then
 * fold what memchr() finds in the buffer back into cleanse_ctr.
 *
 * The final store to the global depends on the buffer contents, so the
 * stores into the buffer are not dead and an optimizer has no grounds to
 * remove them; this appears to be why OpenSSL does not use a plain
 * memset() here, as the article notes.
 *
 * ptr: start of the region to wipe (may be NULL only if len is 0).
 * len: number of bytes to overwrite.
 */
void OPENSSL_cleanse(void *ptr, size_t len)
{
    unsigned char *out = ptr;
    size_t ctr = cleanse_ctr;

    for (size_t i = 0; i < len; i++) {
        *out = (unsigned char)ctr;
        out++;
        /* Step by the low nibble of the address *after* the increment,
         * exactly as upstream does. */
        ctr += 17 + ((size_t)out & 0xF);
    }

    unsigned char *found = memchr(ptr, (unsigned char)ctr, len);
    if (found != NULL) {
        ctr += 63 + (size_t)found;
    }
    cleanse_ctr = (unsigned char)ctr;
}
. . . ,
.
- , , .
:
/* Excerpt as quoted in the article; the body is elided ("....") and this
 * is not compilable on its own. */
void usage(void)
{
/* NOTE: buf and obuf are pointers, not arrays. */
static unsigned char *buf=NULL,*obuf=NULL;
....
/* sizeof(buf) and sizeof(obuf) yield the size of the pointer itself
 * (4 bytes on a 32-bit build, per the article), not the length of the
 * memory each points to, so only the first few bytes of each region are
 * wiped. The actual region length would have to be passed instead. */
OPENSSL_cleanse(buf,sizeof(buf));
OPENSSL_cleanse(obuf,sizeof(obuf));
....
}
OPENSSL_cleanse(). .
. ?
sizeof(buf) sizeof(obuf) , .
, 32- 4 .
.
OpenSSL (. V597):

ec_mult.c 173
ec_mult.c 176

:
1.
, . ,
- , ,
. ,
"char buf[10000]" , .
2. DEBUG , RELEASE. c memset()
DEBUG .
3. .
.
4. .
TOR . ,
. ? . ,
.
5. ,
. , "
" . . . ,
, . ,
,
.