
[tor-commits] [tor/master] Drop thread-local fast_rng on fork.



commit ab6ad3c040de68b1f06b8f910407bff570b24b43
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Wed Mar 6 09:59:10 2019 -0500

    Drop thread-local fast_rng on fork.
    
    This will cause the child process to construct a new one in a nice
    safe way.
    
    Closes ticket 29668; bug not in any released Tor.
---
 src/lib/crypt_ops/crypto_init.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/lib/crypt_ops/crypto_init.c b/src/lib/crypt_ops/crypto_init.c
index cf491f32d..5c2780b2c 100644
--- a/src/lib/crypt_ops/crypto_init.c
+++ b/src/lib/crypt_ops/crypto_init.c
@@ -152,6 +152,12 @@ crypto_prefork(void)
 #ifdef ENABLE_NSS
   crypto_nss_prefork();
 #endif
+  /* It is not safe to share a fast_rng object across a fork boundary unless
+   * we actually have zero-on-fork support in map_anon.c.  If we have
+   * drop-on-fork support, we will crash; if we have neither, we will yield
+   * a copy of the parent process's rng, which is scary and insecure.
+   */
+  destroy_thread_fast_rng();
 }
 
 /** Run operations that the crypto library requires to be happy again
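
Review bot: The new comment in crypto_prefork() states the hazard conditionally ("unless we actually have zero-on-fork support in map_anon.c"), but the destroy_thread_fast_rng() call below it is unconditional and sits in the pre-fork hook. As written, the forking thread drops its fast_rng before every fork whatever map_anon.c supports, and the parent loses its copy as well as the child. Suggest saying that in the comment, along with the point from the commit message that a new one is constructed afterwards, so a reader does not go looking for a missing #ifdef or a matching post-fork step. It would also help to note that only the calling thread's rng is dropped, since the function name says thread-local but the comment speaks of "a fast_rng object" in general.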



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits