Drop thread-local fast_rng on fork.

This will cause the child process to construct a new one in a nice safe way. Closes ticket 29668; bug not in any released Tor.
2024-11-11 05:33:47 +01:00 · 2019-03-06 09:59:10 -05:00 · 2019-03-06 09:59:10 -05:00 · ab6ad3c040
commit ab6ad3c040
parent db2e916afe
1 changed files with 6 additions and 0 deletions
--- a/src/lib/crypt_ops/crypto_init.c
+++ b/src/lib/crypt_ops/crypto_init.c
@ -152,6 +152,12 @@ crypto_prefork(void)
 #ifdef ENABLE_NSS
  crypto_nss_prefork();
 #endif
+  /* It is not safe to share a fast_rng object across a fork boundary unless
+   * we actually have zero-on-fork support in map_anon.c.  If we have
+   * drop-on-fork support, we will crash; if we have neither, we will yield
+   * a copy of the parent process's rng, which is scary and insecure.
+   */
+  destroy_thread_fast_rng();
 }

 /** Run operations that the crypto library requires to be happy again