diff options
author | Nick Mathewson <nickm@torproject.org> | 2017-02-07 08:56:58 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2017-02-07 08:56:58 -0500 |
commit | a2192a671c9038026696f079184c4358fb70d443 (patch) | |
tree | a6e3c1961caae0baa4fd37077c6c6694e273aecb | |
parent | 040d7cecf39c06ee705a97c90d546d34d6c115ab (diff) | |
parent | d6eae78e2928544ad634356887c7a83a2cd23eaa (diff) | |
download | tor-a2192a671c9038026696f079184c4358fb70d443.tar.gz tor-a2192a671c9038026696f079184c4358fb70d443.zip |
Merge branch 'maint-0.2.4' into release-0.2.4
-rw-r--r-- | changes/rsa_init_bug | 7 | ||||
-rw-r--r-- | src/common/crypto.c | 4 |
2 files changed, 10 insertions, 1 deletions
diff --git a/changes/rsa_init_bug b/changes/rsa_init_bug new file mode 100644 index 0000000000..6b5fb4f2f9 --- /dev/null +++ b/changes/rsa_init_bug @@ -0,0 +1,7 @@ + o Major bugfixes (key management): + - If OpenSSL fails to generate an RSA key, do not retain a dangling pointer + to the previous (uninitialized) key value. The impact here should be + limited to a difficult-to-trigger crash, if OpenSSL is running an + engine that makes key generation failures possible, or if OpenSSL runs + out of memory. Fixes bug 19152; bugfix on 0.2.1.10-alpha. Found by + Yuan Jochen Kang, Suman Jana, and Baishakhi Ray. diff --git a/src/common/crypto.c b/src/common/crypto.c index 522c1375c9..f4ed8311b7 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -466,8 +466,10 @@ crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits) { tor_assert(env); - if (env->key) + if (env->key) { RSA_free(env->key); + env->key = NULL; + } { BIGNUM *e = BN_new(); |