Merge branch 'maint-0.2.4' into maint-0.2.5

2024-11-10 13:13:44 +01:00 · 2017-02-07 08:54:47 -05:00 · 2017-02-07 08:54:47 -05:00 · 6b37512dc7
commit 6b37512dc7
parent 05ec055c41 d6eae78e29
2 changed files with 10 additions and 1 deletions
--- a/changes/rsa_init_bug
+++ b/changes/rsa_init_bug
@ -0,0 +1,7 @@
+  o Major bugfixes (key management):
+    - If OpenSSL fails to generate an RSA key, do not retain a dangling pointer
+      to the previous (uninitialized) key value. The impact here should be
+      limited to a difficult-to-trigger crash, if OpenSSL is running an
+      engine that makes key generation failures possible, or if OpenSSL runs
+      out of memory. Fixes bug 19152; bugfix on 0.2.1.10-alpha. Found by
+      Yuan Jochen Kang, Suman Jana, and Baishakhi Ray.
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@ -557,8 +557,10 @@ crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits)
 {
  tor_assert(env);

-  if (env->key)
+  if (env->key) {
    RSA_free(env->key);
+    env->key = NULL;
+  }

  {
    BIGNUM *e = BN_new();