Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge remote-tracking branch 'public/bug19152_024_v2' into maint-0.2.4

Nick Mathewson 8 years ago
parent
51675f97d3 c4c4380a5e
commit
d6eae78e29
2 changed files with 10 additions and 1 deletions
Split View Show Diff Stats
  1. 7 0
      changes/rsa_init_bug
  2. 3 1
      src/common/crypto.c

+ 7 - 0
changes/rsa_init_bug
View File 

@@ -0,0 +1,7 @@
 
+  o Major bugfixes (key management):
 
+    - If OpenSSL fails to generate an RSA key, do not retain a dangling pointer
 
+      to the previous (uninitialized) key value. The impact here should be
 
+      limited to a difficult-to-trigger crash, if OpenSSL is running an
 
+      engine that makes key generation failures possible, or if OpenSSL runs
 
+      out of memory. Fixes bug 19152; bugfix on 0.2.1.10-alpha. Found by
 
+      Yuan Jochen Kang, Suman Jana, and Baishakhi Ray.

+ 3 - 1
src/common/crypto.c
View File 

@@ -466,8 +466,10 @@ crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits)
 
 {
 
   tor_assert(env);
 
 
-  if (env->key)
 
+  if (env->key) {
 
     RSA_free(env->key);
 
+    env->key = NULL;
 
+  }
 
 
   {
 
     BIGNUM *e = BN_new();