[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17698 [Tor]: Avoid passing an uninitialised buffer to OpenSSL

Subject: Re: [tor-bugs] #17698 [Tor]: Avoid passing an uninitialised buffer to OpenSSL
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 26 Nov 2015 15:04:21 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 26 Nov 2015 10:04:37 -0500
In-reply-to: <044.c19fd3290da94fc47ba3354e3147291f@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.c19fd3290da94fc47ba3354e3147291f@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#17698: Avoid passing an uninitialised buffer to OpenSSL
--------------------+------------------------------------
 Reporter:  teor    |          Owner:
     Type:  defect  |         Status:  needs_review
 Priority:  Medium  |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor     |        Version:  Tor: unspecified
 Severity:  Normal  |     Resolution:
 Keywords:          |  Actual Points:
Parent ID:          |         Points:
  Sponsor:          |
--------------------+------------------------------------
Changes (by nickm):

 * status:  new => needs_review


Comment:

 I don't see a great reason to take this one.  Sure, it's undefined
 behavior, but every single other program that uses openssl, including
 openssl itself, does it this way.

 If we're going to fix this, the right way IMO is to just switch to a
 better RNG.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17698#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #17698 [Tor]: Avoid passing an uninitialised buffer to OpenSSL
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #17659 [Tor]: BUG : connection_ap_mark_as_pending_circuit()
Next by Author: Re: [tor-bugs] #17697 [Tor]: Add crypto_rand unit tests to check for predictable values
Previous by thread: [tor-bugs] #17698 [Tor]: Avoid passing an uninitialised buffer to OpenSSL
Next by thread: [tor-bugs] #17699 [Tor]: SHA512 extension test fails with clang
Index(es):
- Author
- Thread