Merge branch 'maint-0.2.7' into release-0.2.7

author: Nick Mathewson <nickm@torproject.org> 2017-02-07 08:56:44 -0500
committer: Nick Mathewson <nickm@torproject.org> 2017-02-07 08:56:44 -0500
commit: 618fafd5c86aa9e9cdac1d99e17d332f84603c42 (patch)
tree: 85ba94ccd9e2440998de103d70bcc2c89a6f99ac /changes
parent: 0f9054cd86bc5f8647902fcc040bb5c4e0b52477 (diff)
parent: 115cefdeeefd99f435948bfe42b1ce842019edfb (diff)
download: tor-618fafd5c86aa9e9cdac1d99e17d332f84603c42.tar.gz
tor-618fafd5c86aa9e9cdac1d99e17d332f84603c42.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/changes/rsa_init_bug b/changes/rsa_init_bug
new file mode 100644
index 0000000000..6b5fb4f2f9
--- /dev/null
+++ b/changes/rsa_init_bug
@@ -0,0 +1,7 @@
+  o Major bugfixes (key management):
+    - If OpenSSL fails to generate an RSA key, do not retain a dangling pointer
+      to the previous (uninitialized) key value. The impact here should be
+      limited to a difficult-to-trigger crash, if OpenSSL is running an
+      engine that makes key generation failures possible, or if OpenSSL runs
+      out of memory. Fixes bug 19152; bugfix on 0.2.1.10-alpha. Found by
+      Yuan Jochen Kang, Suman Jana, and Baishakhi Ray.
author	Nick Mathewson <nickm@torproject.org>	2017-02-07 08:56:44 -0500
committer	Nick Mathewson <nickm@torproject.org>	2017-02-07 08:56:44 -0500
commit	618fafd5c86aa9e9cdac1d99e17d332f84603c42 (patch)
tree	85ba94ccd9e2440998de103d70bcc2c89a6f99ac /changes
parent	0f9054cd86bc5f8647902fcc040bb5c4e0b52477 (diff)
parent	115cefdeeefd99f435948bfe42b1ce842019edfb (diff)
download	tor-618fafd5c86aa9e9cdac1d99e17d332f84603c42.tar.gz tor-618fafd5c86aa9e9cdac1d99e17d332f84603c42.zip