[tor-bugs] #17698 [Tor]: Avoid passing an uninitialised buffer to OpenSSL
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Nov 26 15:04:21 UTC 2015
#17698: Avoid passing an uninitialised buffer to OpenSSL
--------------------+------------------------------------
Reporter: teor | Owner:
Type: defect | Status: needs_review
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version: Tor: unspecified
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
--------------------+------------------------------------
Changes (by nickm):
* status: new => needs_review
Comment:
I don't see a great reason to take this one. Sure, it's undefined
behavior, but every single other program that uses openssl, including
openssl itself, does it this way.
If we're going to fix this, the right way IMO is to just switch to a
better RNG.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17698#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list