[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #17698 [Tor]: Avoid passing an uninitialised buffer to OpenSSL

Subject: [tor-bugs] #17698 [Tor]: Avoid passing an uninitialised buffer to OpenSSL
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 26 Nov 2015 10:54:37 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 26 Nov 2015 05:54:46 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#17698: Avoid passing an uninitialised buffer to OpenSSL
------------------------+--------------------------------
     Reporter:  teor    |      Owner:
         Type:  defect  |     Status:  new
     Priority:  Medium  |  Milestone:  Tor: 0.2.8.x-final
    Component:  Tor     |    Version:  Tor: unspecified
     Severity:  Normal  |   Keywords:
Actual Points:          |  Parent ID:
       Points:          |    Sponsor:
------------------------+--------------------------------
 Don't pass potentially uninitialised buffers to RAND_bytes.

 (OpenSSL uses the buffer as an entropy source, which is
 undefined behaviour on uninitialised memory.)

 Bugfix on tor 0.0.6rc4, commit f6dbe5a0d42d / svn:r1717
 on 27 Apr 2004.

 See my branch rand-input-uninitialised, based on bug17686_v2_027.
 https://github.com/teor2345/tor.git

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17698>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #17698 [Tor]: Avoid passing an uninitialised buffer to OpenSSL
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #17697 [Tor]: Add crypto_rand unit tests to check for predictable values
Next by Author: Re: [tor-bugs] #17659 [Tor]: BUG : connection_ap_mark_as_pending_circuit()
Previous by thread: Re: [tor-bugs] #17697 [Tor]: Add crypto_rand unit tests to check for predictable values
Next by thread: Re: [tor-bugs] #17698 [Tor]: Avoid passing an uninitialised buffer to OpenSSL
Index(es):
- Author
- Thread