[tor-commits] [tor/master] Fix a bug when we fail to read a cert from a file.

nickm at torproject.org nickm at torproject.org
Thu May 28 16:41:33 UTC 2015


commit c03694938ed0b9510d1d6b04d0e650dc64d14074
Author: Nick Mathewson <nickm at torproject.org>
Date:   Thu May 28 12:30:25 2015 -0400

    Fix a bug when we fail to read a cert from a file.
    
    Found by coverity -- CID 1301366.
---
 src/or/routerkeys.c |   36 +++++++++++++++++-------------------
 1 file changed, 17 insertions(+), 19 deletions(-)

diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c
index 556ab45..7b7a6d0 100644
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@@ -142,26 +142,24 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
     cert = tor_cert_parse(certbuf, cert_body_len);
 
   /* If we got it, check it to the extent we can. */
-  if (cert) {
-    int bad_cert = 0;
-
-    if (! cert) {
-      tor_log(severity, LD_OR, "Cert was unparseable");
-      bad_cert = 1;
-    } else if (!tor_memeq(cert->signed_key.pubkey, keypair->pubkey.pubkey,
-                          ED25519_PUBKEY_LEN)) {
-      tor_log(severity, LD_OR, "Cert was for wrong key");
-      bad_cert = 1;
-    } else if (tor_cert_checksig(cert, &signing_key->pubkey, now) < 0 &&
-               (signing_key || cert->cert_expired)) {
-      tor_log(severity, LD_OR, "Can't check certificate");
-      bad_cert = 1;
-    }
+  int bad_cert = 0;
+
+  if (! cert) {
+    tor_log(severity, LD_OR, "Cert was unparseable");
+    bad_cert = 1;
+  } else if (!tor_memeq(cert->signed_key.pubkey, keypair->pubkey.pubkey,
+                        ED25519_PUBKEY_LEN)) {
+    tor_log(severity, LD_OR, "Cert was for wrong key");
+    bad_cert = 1;
+  } else if (tor_cert_checksig(cert, &signing_key->pubkey, now) < 0 &&
+             (signing_key || cert->cert_expired)) {
+    tor_log(severity, LD_OR, "Can't check certificate");
+    bad_cert = 1;
+  }
 
-    if (bad_cert) {
-      tor_cert_free(cert);
-      cert = NULL;
-    }
+  if (bad_cert) {
+    tor_cert_free(cert);
+    cert = NULL;
   }
 
   /* If we got a cert, we're done. */
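Review bot: In the third branch, `tor_cert_checksig(cert, &signing_key->pubkey, now) < 0 && (signing_key || cert->cert_expired)`, the address `&signing_key->pubkey` is formed before `signing_key` is tested, and the `signing_key ||` test that follows implies the pointer can be NULL. Forming a member address through a null pointer is undefined behaviour, and the signature check then runs against whatever address that yields as the verification key. Passing `signing_key ? &signing_key->pubkey : NULL` as the second argument would make the no-key case explicit, provided tor_cert_checksig accepts a NULL key (its body is not visible here). Separately, with the outer `if (cert)` removed, "Cert was unparseable" is presumably also logged when no certificate was read at all, since the indented `tor_cert_parse` call on the first context line looks conditional; worth confirming that is intended. ed_key_init_from_file starts and ends outside this hunk.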




