diff options
| author | Nick Mathewson <nickm@torproject.org> | 2016-05-25 09:26:45 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2016-05-25 09:26:45 -0400 |
| commit | fdfc528f85c11a1d29b6a67e32180278d1ca7cbb (patch) | |
| tree | 4468f5d3619a35cab894aebf6f0a37e2d4066426 | |
| parent | 6abceca1826a018fb51e419fc4eb9721dd501acf (diff) | |
| parent | c4c4380a5e43e97ff9533aa42c73183dd1054c41 (diff) | |
| download | tor-fdfc528f85c11a1d29b6a67e32180278d1ca7cbb.tar.gz tor-fdfc528f85c11a1d29b6a67e32180278d1ca7cbb.zip | |
Merge branch 'bug19152_024_v2' into maint-0.2.8
| -rw-r--r-- | changes/rsa_init_bug | 7 | ||||
| -rw-r--r-- | src/common/crypto.c | 4 |
2 files changed, 10 insertions, 1 deletions
diff --git a/changes/rsa_init_bug b/changes/rsa_init_bug new file mode 100644 index 0000000000..6b5fb4f2f9 --- /dev/null +++ b/changes/rsa_init_bug @@ -0,0 +1,7 @@ + o Major bugfixes (key management): + - If OpenSSL fails to generate an RSA key, do not retain a dangling pointer + to the previous (uninitialized) key value. The impact here should be + limited to a difficult-to-trigger crash, if OpenSSL is running an + engine that makes key generation failures possible, or if OpenSSL runs + out of memory. Fixes bug 19152; bugfix on 0.2.1.10-alpha. Found by + Yuan Jochen Kang, Suman Jana, and Baishakhi Ray. diff --git a/src/common/crypto.c b/src/common/crypto.c index d2a42698cb..933f1033f7 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -585,8 +585,10 @@ MOCK_IMPL(int, { tor_assert(env); - if (env->key) + if (env->key) { RSA_free(env->key); + env->key = NULL; + } { BIGNUM *e = BN_new(); |