Add constness to length variables in `tor_tls_cert_matches_key`.

We add constness to `peer_info_orig_len` and `cert_info_orig_len` in
`tor_tls_cert_matches_key` to ensure that we don't accidentally alter
the variables.

This patch is part of the fix for TROVE-2020-001.

See: https://bugs.torproject.org/33119

diff --git a/src/lib/tls/tortls_nss.c b/src/lib/tls/tortls_nss.c
index f7792e07a2ca80f02b12facfa21969555e76bc68..f1ef3ef2771897adc20414690db9a44d7f8655da 100644 (file)
--- a/src/lib/tls/tortls_nss.c
+++ b/src/lib/tls/tortls_nss.c
@@ -739,8 +739,8 @@ tor_tls_cert_matches_key,(const tor_tls_t *tls,
    * in seckey.c in the NSS source tree. This function also does the conversion
    * between bits and bytes.
    */
-  unsigned int peer_info_orig_len = peer_info->subjectPublicKey.len;
-  unsigned int cert_info_orig_len = cert_info->subjectPublicKey.len;
+  const unsigned int peer_info_orig_len = peer_info->subjectPublicKey.len;
+  const unsigned int cert_info_orig_len = cert_info->subjectPublicKey.len;
 
   peer_info->subjectPublicKey.len = (peer_info_orig_len >> 3);
   cert_info->subjectPublicKey.len = (cert_info_orig_len >> 3);