diff options
| author | Nick Mathewson <nickm@torproject.org> | 2017-02-07 08:47:11 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2017-02-07 08:47:11 -0500 |
| commit | d6eae78e2928544ad634356887c7a83a2cd23eaa (patch) | |
| tree | cf9d60b5d927da2067987a8f7628eeffebe922fa /changes | |
| parent | 51675f97d30e48da68f2cf538f7f805f51af4c36 (diff) | |
| parent | c4c4380a5e43e97ff9533aa42c73183dd1054c41 (diff) | |
| download | tor-d6eae78e2928544ad634356887c7a83a2cd23eaa.tar.gz tor-d6eae78e2928544ad634356887c7a83a2cd23eaa.zip | |
Merge remote-tracking branch 'public/bug19152_024_v2' into maint-0.2.4
Diffstat (limited to 'changes')
| -rw-r--r-- | changes/rsa_init_bug | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/changes/rsa_init_bug b/changes/rsa_init_bug new file mode 100644 index 0000000000..6b5fb4f2f9 --- /dev/null +++ b/changes/rsa_init_bug @@ -0,0 +1,7 @@ + o Major bugfixes (key management): + - If OpenSSL fails to generate an RSA key, do not retain a dangling pointer + to the previous (uninitialized) key value. The impact here should be + limited to a difficult-to-trigger crash, if OpenSSL is running an + engine that makes key generation failures possible, or if OpenSSL runs + out of memory. Fixes bug 19152; bugfix on 0.2.1.10-alpha. Found by + Yuan Jochen Kang, Suman Jana, and Baishakhi Ray. |