Opened 4 years ago

Closed 4 years ago

#16449 closed defect (fixed)

Segmentation fault on key generation

Reported by: cypherpunks Owned by:
Priority: Medium Milestone:
Component: Core Tor/Tor Version: Tor: unspecified
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

When tor cannot find any existing keys, the --keygen flag crashes with a segmentation fault. This is caused by using the return value of crypto_read_tagged_contents_from_file for wiping the encrypted_key array.

The solution is to use the array size as the size (like the pwbuf array). The patch for review follows.

Child Tickets

Change History (2)

comment:1 Changed 4 years ago by cypherpunks

Status: newneeds_review
diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c
index 2fd7f41..d075c67 100644
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@@ -63,7 +63,7 @@ read_encrypted_secret_key(ed25519_secret_key_t *out,
   r = 1;
 
  done:
-  memwipe(encrypted_key, 0, encrypted_len);
+  memwipe(encrypted_key, 0, sizeof(encrypted_key));
   memwipe(pwbuf, 0, sizeof(pwbuf));
   tor_free(tag);
   if (secret) {

comment:2 Changed 4 years ago by nickm

Resolution: fixed
Status: needs_reviewclosed

Merged; thanks!

Note: See TracTickets for help on using tickets.