[tor-commits] [tor/maint-0.4.3] Add constness to length variables in `tor_tls_cert_matches_key`.

nickm at torproject.org nickm at torproject.org
Thu Jul 9 13:29:00 UTC 2020


commit 06f1e959c218bfbe0b85bbd0acc59b8f408fbc99
Author: Alexander Færøy <ahf at torproject.org>
Date:   Sat May 16 15:34:37 2020 +0000

    Add constness to length variables in `tor_tls_cert_matches_key`.
    
    We add constness to `peer_info_orig_len` and `cert_info_orig_len` in
    `tor_tls_cert_matches_key` to ensure that we don't accidentally alter
    the variables.
    
    This patch is part of the fix for TROVE-2020-001.
    
    See: https://bugs.torproject.org/33119
---
 src/lib/tls/tortls_nss.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lib/tls/tortls_nss.c b/src/lib/tls/tortls_nss.c
index f7792e07a..f1ef3ef27 100644
--- a/src/lib/tls/tortls_nss.c
+++ b/src/lib/tls/tortls_nss.c
@@ -739,8 +739,8 @@ tor_tls_cert_matches_key,(const tor_tls_t *tls,
    * in seckey.c in the NSS source tree. This function also does the conversion
    * between bits and bytes.
    */
-  unsigned int peer_info_orig_len = peer_info->subjectPublicKey.len;
-  unsigned int cert_info_orig_len = cert_info->subjectPublicKey.len;
+  const unsigned int peer_info_orig_len = peer_info->subjectPublicKey.len;
+  const unsigned int cert_info_orig_len = cert_info->subjectPublicKey.len;
 
   peer_info->subjectPublicKey.len = (peer_info_orig_len >> 3);
   cert_info->subjectPublicKey.len = (cert_info_orig_len >> 3);





More information about the tor-commits mailing list