Merge branch 'maint-0.2.4' into release-0.2.4
This commit is contained in:
commit
a2192a671c
|
@ -0,0 +1,7 @@
|
||||||
|
o Major bugfixes (key management):
|
||||||
|
- If OpenSSL fails to generate an RSA key, do not retain a dangling pointer
|
||||||
|
to the previous (uninitialized) key value. The impact here should be
|
||||||
|
limited to a difficult-to-trigger crash, if OpenSSL is running an
|
||||||
|
engine that makes key generation failures possible, or if OpenSSL runs
|
||||||
|
out of memory. Fixes bug 19152; bugfix on 0.2.1.10-alpha. Found by
|
||||||
|
Yuan Jochen Kang, Suman Jana, and Baishakhi Ray.
|
|
@ -466,8 +466,10 @@ crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits)
|
||||||
{
|
{
|
||||||
tor_assert(env);
|
tor_assert(env);
|
||||||
|
|
||||||
if (env->key)
|
if (env->key) {
|
||||||
RSA_free(env->key);
|
RSA_free(env->key);
|
||||||
|
env->key = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
{
|
{
|
||||||
BIGNUM *e = BN_new();
|
BIGNUM *e = BN_new();
|
||||||
|
|
Loading…
Reference in New Issue