Loading changes/rsa_init_bug 0 → 100644 +7 −0 Original line number Diff line number Diff line o Major bugfixes (key management): - If OpenSSL fails to generate an RSA key, do not retain a dangling pointer to the previous (uninitialized) key value. The impact here should be limited to a difficult-to-trigger crash, if OpenSSL is running an engine that makes key generation failures possible, or if OpenSSL runs out of memory. Fixes bug 19152; bugfix on 0.2.1.10-alpha. Found by Yuan Jochen Kang, Suman Jana, and Baishakhi Ray. src/common/crypto.c +3 −1 Original line number Diff line number Diff line Loading @@ -466,8 +466,10 @@ crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits) { tor_assert(env); if (env->key) if (env->key) { RSA_free(env->key); env->key = NULL; } { BIGNUM *e = BN_new(); Loading Loading
changes/rsa_init_bug 0 → 100644 +7 −0 Original line number Diff line number Diff line o Major bugfixes (key management): - If OpenSSL fails to generate an RSA key, do not retain a dangling pointer to the previous (uninitialized) key value. The impact here should be limited to a difficult-to-trigger crash, if OpenSSL is running an engine that makes key generation failures possible, or if OpenSSL runs out of memory. Fixes bug 19152; bugfix on 0.2.1.10-alpha. Found by Yuan Jochen Kang, Suman Jana, and Baishakhi Ray.
src/common/crypto.c +3 −1 Original line number Diff line number Diff line Loading @@ -466,8 +466,10 @@ crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits) { tor_assert(env); if (env->key) if (env->key) { RSA_free(env->key); env->key = NULL; } { BIGNUM *e = BN_new(); Loading