[tor-commits] [tor/master] Clean up comments, mark more branches as BUG.

nickm at torproject.org nickm at torproject.org
Thu Nov 3 13:18:59 UTC 2016 

commit 5a2f70f86a8ca226f9b818ebf0ce893c1a1db5fa
Author: Nick Mathewson <nickm at torproject.org>
Date:   Sun Sep 11 14:13:29 2016 -0400

    Clean up comments, mark more branches as BUG.
---
 src/or/channeltls.c | 10 ++++++++--
 src/or/torcert.c    |  6 +++---
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/src/or/channeltls.c b/src/or/channeltls.c
index 7a6f0b3..f5b81f0 100644
--- a/src/or/channeltls.c
+++ b/src/or/channeltls.c
@@ -2219,8 +2219,11 @@ channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
   }
 
   /* Length of random part. */
-  if (bodylen < 24)
+  if (BUG(bodylen < 24)) {
+    // LCOV_EXCL_START
     ERR("Bodylen is somehow less than 24, which should really be impossible");
+    // LCOV_EXCL_STOP
+  }
 
   if (tor_memneq(expected_cell->payload+4, auth, bodylen-24))
     ERR("Some field in the AUTHENTICATE cell body was not as expected");
@@ -2239,8 +2242,11 @@ channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
     size_t keysize;
     int signed_len;
 
-    if (!pk)
+    if (BUG(!pk)) {
+      // LCOV_EXCL_START
       ERR("Internal error: couldn't get RSA key from AUTH cert.");
+      // LCOV_EXCL_STOP
+    }
     crypto_digest256(d, (char*)auth, V3_AUTH_BODY_LEN, DIGEST_SHA256);
 
     keysize = crypto_pk_keysize(pk);
diff --git a/src/or/torcert.c b/src/or/torcert.c
index cfd2210..d100298 100644
--- a/src/or/torcert.c
+++ b/src/or/torcert.c
@@ -471,9 +471,6 @@ or_handshake_certs_rsa_ok(int severity,
   } else {
     if (! (id_cert && auth_cert))
       ERR("The certs we wanted (ID, Auth) were missing");
-    /* Remember these certificates so we can check an AUTHENTICATE cell
-     * XXXX make sure we do that
-     */
     if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, auth_cert, id_cert, now, 1))
       ERR("The authentication certificate was not valid");
     if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, id_cert, id_cert, now, 1))
@@ -517,6 +514,9 @@ or_handshake_certs_ed25519_ok(int severity,
       /* check for a match with the TLS cert. */
       tor_x509_cert_t *peer_cert = tor_tls_get_peer_cert(tls);
       if (BUG(!peer_cert)) {
+        /* This is a bug, because if we got to this point, we are a connection
+         * that was initiated here, and we completed a TLS handshake. The
+         * other side *must* have given us a certificate! */
         ERR("No x509 peer cert"); // LCOV_EXCL_LINE
       }
       const common_digests_t *peer_cert_digests =

More information about the tor-commits mailing list