[tor-bugs] #4125 [Tor Relay]: Implement proposal 176 (renegotiation-free handshake)

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Mon Oct 3 20:55:15 UTC 2011


#4125: Implement proposal 176 (renegotiation-free handshake)
-------------------------+--------------------------------------------------
 Reporter:  nickm        |          Owner:  nickm              
     Type:  enhancement  |         Status:  needs_review       
 Priority:  normal       |      Milestone:  Deliverable-Nov2011
Component:  Tor Relay    |        Version:                     
 Keywords:               |         Parent:                     
   Points:               |   Actualpoints:                     
-------------------------+--------------------------------------------------

Comment(by asn):

 * In `tor_cert_decode()`:
 {{{
   newcert = tor_cert_new(x509);
   if (!newcert) {
     X509_free(x509);
     return NULL;
   }
 }}}

 If `tor_cert_new()` fails, `x509` gets freed twice (once inside
 `tor_cert_new()`, and once inside the `if` body). You probably want to
 kill the `X509_free()` inside the `if`, since `tor_cert_new()` steals the
 reference of `x509_cert`.

 * In `tor_tls_context_new()`:
 {{{
   result->my_link_cert = tor_cert_new(X509_dup(cert));
   result->my_id_cert = tor_cert_new(X509_dup(idcert));
   result->my_auth_cert = tor_cert_new(X509_dup(authcert));
 }}}
 We don't check the return values of `tor_cert_new()`.
 Probably because `{,id,auth}cert` are considered trusted data.
 In any case '''maybe''' it's a good idea to check their return values
 [especially when the `else` body gets added to the `if` in
 `tor_cert_new()`]

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4125#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list