[tor-bugs] #17698 [Tor]: Avoid passing an uninitialised buffer to OpenSSL
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Nov 26 10:54:37 UTC 2015
#17698: Avoid passing an uninitialised buffer to OpenSSL
------------------------+--------------------------------
Reporter: teor | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version: Tor: unspecified
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Sponsor:
------------------------+--------------------------------
Don't pass potentially uninitialised buffers to RAND_bytes.
(OpenSSL uses the buffer as an entropy source, which is
undefined behaviour on uninitialised memory.)
Bugfix on tor 0.0.6rc4, commit f6dbe5a0d42d / svn:r1717
on 27 Apr 2004.
See my branch rand-input-uninitialised, based on bug17686_v2_027.
https://github.com/teor2345/tor.git
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17698>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list