From: Nick Mathewson <nickm@torproject.org>
Date: Thu, 21 Aug 2014 15:09:40 +0000 (-0400)
Subject: Check for duplicate arguments to tor-gencert
X-Git-Tag: tor-0.2.6.1-alpha~189^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=446e481c90666235bc184cdad6a8578b79fa258e;p=thirdparty%2Ftor.git

Check for duplicate arguments to tor-gencert

Found by coverity, which noticed that if you said
  tor-gencert -i identity1 -i identity2
we would leak "identity1".

[CID 1198201, 1198202, 1198203]
---

diff --git a/changes/check_dup_args_gencert b/changes/check_dup_args_gencert
new file mode 100644
index 0000000000..d0925df600
--- /dev/null
+++ b/changes/check_dup_args_gencert
@@ -0,0 +1,3 @@
+  o Minor features:
+    - In tor-gencert, report an error if the user provides the same
+      argument more than once.
diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c
index e799df5cad..fae26ef956 100644
--- a/src/tools/tor-gencert.c
+++ b/src/tools/tor-gencert.c
@@ -134,18 +134,30 @@ parse_commandline(int argc, char **argv)
         fprintf(stderr, "No argument to -i\n");
         return 1;
       }
+      if (identity_key_file) {
+        fprintf(stderr, "Duplicate values for -i\n");
+        return -1;
+      }
       identity_key_file = tor_strdup(argv[++i]);
     } else if (!strcmp(argv[i], "-s")) {
       if (i+1>=argc) {
         fprintf(stderr, "No argument to -s\n");
         return 1;
       }
+      if (signing_key_file) {
+        fprintf(stderr, "Duplicate values for -s\n");
+        return -1;
+      }
       signing_key_file = tor_strdup(argv[++i]);
     } else if (!strcmp(argv[i], "-c")) {
       if (i+1>=argc) {
         fprintf(stderr, "No argument to -c\n");
         return 1;
       }
+      if (certificate_file) {
+        fprintf(stderr, "Duplicate values for -c\n");
+        return -1;
+      }
       certificate_file = tor_strdup(argv[++i]);
     } else if (!strcmp(argv[i], "-m")) {
       if (i+1>=argc) {