[tor-bugs] #4125 [Tor Relay]: Implement proposal 176 (renegotiation-free handshake)
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Oct 3 20:55:15 UTC 2011
#4125: Implement proposal 176 (renegotiation-free handshake)
-------------------------+--------------------------------------------------
Reporter: nickm | Owner: nickm
Type: enhancement | Status: needs_review
Priority: normal | Milestone: Deliverable-Nov2011
Component: Tor Relay | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by asn):
* In `tor_cert_decode()`:
{{{
newcert = tor_cert_new(x509);
if (!newcert) {
X509_free(x509);
return NULL;
}
}}}
If `tor_cert_new()` fails, `x509` gets freed twice (once inside
`tor_cert_new()`, and once inside the `if` body). You probably want to
kill the `X509_free()` inside the `if`, since `tor_cert_new()` steals the
reference of `x509_cert`.
* In `tor_tls_context_new()`:
{{{
result->my_link_cert = tor_cert_new(X509_dup(cert));
result->my_id_cert = tor_cert_new(X509_dup(idcert));
result->my_auth_cert = tor_cert_new(X509_dup(authcert));
}}}
We don't check the return values of `tor_cert_new()`.
Probably because `{,id,auth}cert` are considered trusted data.
In any case '''maybe''' it's a good idea to check their return values
[especially when the `else` body gets added to the `if` in
`tor_cert_new()`]
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4125#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list