The Tor Project has fixed a flaw in its anonymization and privacy software that leaked information from memory on some machines running Tor that could give an attacker access to sensitive information stored in the cache. The issue was caused by the way that some compilers handle a specific function in the Tor client.
The developers at the Tor Project were alerted to the problem recently and began looking into the issue. What they found is that in some cases, when the Tor client uses a function called memset to erase some cache data on a machine, some of that information will still remain when Tor exits. The data that remains could give an attacker access to sensitive information in the cache.
The strring explaining the bug fix in Tor says that different compilers handle the situation differently.
“Tor tries to wipe potentially sensitive data after using it, so that if some subsequent security failure exposes Tor’s memory, the damage will be limited. But we had a bug where the compiler was eliminating these wipe operations when it decided that the memory was no longer visible to a (correctly running) program, hence defeating our attempt at defense in depth. We fix that by using OpenSSL’s OPENSSL_cleanse() operation, which a compiler is unlikely to optimize away. Future versions of Tor may use a less ridiculously heavy approach for this,” one of the messages in the bug string says.
The Tor software is designed to protect users’ privacy and anonymity through the use of a large network of nodes that encrypt traffic and bring it out the other side in a way that makes it difficult for eavesdroppers to see where the traffic originated. It’s used extensively by human rights groups, journalists, activists and others who have reason to believe they may be under surveillance or who simply want to protect their anonymity online.
