Merge remote-tracking branch 'public/bug19152_024_v2' into maint-0.2.4

This commit is contained in:
Nick Mathewson 2017-02-07 08:47:11 -05:00
commit d6eae78e29
2 changed files with 10 additions and 1 deletions

7
changes/rsa_init_bug Normal file
View File

@ -0,0 +1,7 @@
o Major bugfixes (key management):
- If OpenSSL fails to generate an RSA key, do not retain a dangling pointer
to the previous (uninitialized) key value. The impact here should be
limited to a difficult-to-trigger crash, if OpenSSL is running an
engine that makes key generation failures possible, or if OpenSSL runs
out of memory. Fixes bug 19152; bugfix on 0.2.1.10-alpha. Found by
Yuan Jochen Kang, Suman Jana, and Baishakhi Ray.

View File

@ -466,8 +466,10 @@ crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits)
{
tor_assert(env);
if (env->key)
if (env->key) {
RSA_free(env->key);
env->key = NULL;
}
{
BIGNUM *e = BN_new();