Loading changes/trove-2017-011 0 → 100644 +8 −0 Original line number Diff line number Diff line o Major bugfixes (security): - Fix a denial of service bug where an attacker could use a malformed directory object to cause a Tor instance to pause while OpenSSL would try to read a passphrase from the terminal. (If the terminal was not available, tor would continue running.) Fixes bug 24246; bugfix on every version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821. Found by OSS-Fuzz as testcase 6360145429790720. src/common/crypto.c +13 −3 Original line number Diff line number Diff line Loading @@ -592,11 +592,21 @@ crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits) return 0; } /** A PEM callback that always reports a failure to get a password */ static int pem_no_password_cb(char *buf, int size, int rwflag, void *u) { (void)buf; (void)size; (void)rwflag; (void)u; return 0; } /** Read a PEM-encoded private key from the <b>len</b>-byte string <b>s</b> * into <b>env</b>. Return 0 on success, -1 on failure. If len is -1, * the string is nul-terminated. */ /* Used here, and used for testing. */ int crypto_pk_read_private_key_from_string(crypto_pk_t *env, const char *s, ssize_t len) Loading @@ -615,7 +625,7 @@ crypto_pk_read_private_key_from_string(crypto_pk_t *env, if (env->key) RSA_free(env->key); env->key = PEM_read_bio_RSAPrivateKey(b,NULL,NULL,NULL); env->key = PEM_read_bio_RSAPrivateKey(b,NULL,pem_no_password_cb,NULL); BIO_free(b); Loading Loading @@ -747,7 +757,7 @@ crypto_pk_read_public_key_from_string(crypto_pk_t *env, const char *src, if (env->key) RSA_free(env->key); env->key = PEM_read_bio_RSAPublicKey(b, NULL, NULL, NULL); env->key = PEM_read_bio_RSAPublicKey(b, NULL, pem_no_password_cb, NULL); BIO_free(b); if (!env->key) { crypto_log_errors(LOG_WARN, "reading public key from string"); Loading Loading
changes/trove-2017-011 0 → 100644 +8 −0 Original line number Diff line number Diff line o Major bugfixes (security): - Fix a denial of service bug where an attacker could use a malformed directory object to cause a Tor instance to pause while OpenSSL would try to read a passphrase from the terminal. (If the terminal was not available, tor would continue running.) Fixes bug 24246; bugfix on every version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821. Found by OSS-Fuzz as testcase 6360145429790720.
src/common/crypto.c +13 −3 Original line number Diff line number Diff line Loading @@ -592,11 +592,21 @@ crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits) return 0; } /** A PEM callback that always reports a failure to get a password */ static int pem_no_password_cb(char *buf, int size, int rwflag, void *u) { (void)buf; (void)size; (void)rwflag; (void)u; return 0; } /** Read a PEM-encoded private key from the <b>len</b>-byte string <b>s</b> * into <b>env</b>. Return 0 on success, -1 on failure. If len is -1, * the string is nul-terminated. */ /* Used here, and used for testing. */ int crypto_pk_read_private_key_from_string(crypto_pk_t *env, const char *s, ssize_t len) Loading @@ -615,7 +625,7 @@ crypto_pk_read_private_key_from_string(crypto_pk_t *env, if (env->key) RSA_free(env->key); env->key = PEM_read_bio_RSAPrivateKey(b,NULL,NULL,NULL); env->key = PEM_read_bio_RSAPrivateKey(b,NULL,pem_no_password_cb,NULL); BIO_free(b); Loading Loading @@ -747,7 +757,7 @@ crypto_pk_read_public_key_from_string(crypto_pk_t *env, const char *src, if (env->key) RSA_free(env->key); env->key = PEM_read_bio_RSAPublicKey(b, NULL, NULL, NULL); env->key = PEM_read_bio_RSAPublicKey(b, NULL, pem_no_password_cb, NULL); BIO_free(b); if (!env->key) { crypto_log_errors(LOG_WARN, "reading public key from string"); Loading