[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/master] Drop thread-local fast_rng on fork.
commit ab6ad3c040de68b1f06b8f910407bff570b24b43
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Wed Mar 6 09:59:10 2019 -0500
Drop thread-local fast_rng on fork.
This will cause the child process to construct a new one in a nice
safe way.
Closes ticket 29668; bug not in any released Tor.
---
src/lib/crypt_ops/crypto_init.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/lib/crypt_ops/crypto_init.c b/src/lib/crypt_ops/crypto_init.c
index cf491f32d..5c2780b2c 100644
--- a/src/lib/crypt_ops/crypto_init.c
+++ b/src/lib/crypt_ops/crypto_init.c
@@ -152,6 +152,12 @@ crypto_prefork(void)
#ifdef ENABLE_NSS
crypto_nss_prefork();
#endif
+ /* It is not safe to share a fast_rng object across a fork boundary unless
+ * we actually have zero-on-fork support in map_anon.c. If we have
+ * drop-on-fork support, we will crash; if we have neither, we will yield
+ * a copy of the parent process's rng, which is scary and insecure.
+ */
+ destroy_thread_fast_rng();
}
/** Run operations that the crypto library requires to be happy again
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits