commit ab6ad3c040de68b1f06b8f910407bff570b24b43 parent db2e916afe34c2b2fd3078a0cd4f8e5ba7193904 Author: Nick Mathewson <nickm@torproject.org> Date: Wed, 6 Mar 2019 09:59:10 -0500 Drop thread-local fast_rng on fork. This will cause the child process to construct a new one in a nice safe way. Closes ticket 29668; bug not in any released Tor. Diffstat:
| M | src/lib/crypt_ops/crypto_init.c | | | 6 | ++++++ |
1 file changed, 6 insertions(+), 0 deletions(-)
diff --git a/src/lib/crypt_ops/crypto_init.c b/src/lib/crypt_ops/crypto_init.c @@ -152,6 +152,12 @@ crypto_prefork(void) #ifdef ENABLE_NSS crypto_nss_prefork(); #endif + /* It is not safe to share a fast_rng object across a fork boundary unless + * we actually have zero-on-fork support in map_anon.c. If we have + * drop-on-fork support, we will crash; if we have neither, we will yield + * a copy of the parent process's rng, which is scary and insecure. + */ + destroy_thread_fast_rng(); } /** Run operations that the crypto library requires to be happy again