[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #17698 [Tor]: Avoid passing an uninitialised buffer to OpenSSL
#17698: Avoid passing an uninitialised buffer to OpenSSL
--------------------+------------------------------------
Reporter: teor | Owner:
Type: defect | Status: needs_review
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version: Tor: unspecified
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
--------------------+------------------------------------
Changes (by nickm):
* status: new => needs_review
Comment:
I don't see a great reason to take this one. Sure, it's undefined
behavior, but every single other program that uses openssl, including
openssl itself, does it this way.
If we're going to fix this, the right way IMO is to just switch to a
better RNG.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17698#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs