From: Nick Mathewson Date: Wed, 9 Aug 2017 19:00:32 +0000 (-0400) Subject: In node_get_ed25519_id, detect and warn on inconsistent IDs. X-Git-Tag: tor-0.3.2.1-alpha~82^2~3 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=92b1dfd50eb9a6d3586bf4dd03890e5ba3f90fc8;p=thirdparty%2Ftor.git In node_get_ed25519_id, detect and warn on inconsistent IDs. This shouldn't actually be possible, but it's worth checking for. --- diff --git a/src/or/nodelist.c b/src/or/nodelist.c index 104915d293..d2a4c8201e 100644 --- a/src/or/nodelist.c +++ b/src/or/nodelist.c @@ -879,22 +879,34 @@ node_get_by_nickname,(const char *nickname, int warn_if_unnamed)) const ed25519_public_key_t * node_get_ed25519_id(const node_t *node) { + const ed25519_public_key_t *ri_pk = NULL; + const ed25519_public_key_t *md_pk = NULL; if (node->ri) { if (node->ri->cache_info.signing_key_cert) { - const ed25519_public_key_t *pk = - &node->ri->cache_info.signing_key_cert->signing_key; - if (BUG(ed25519_public_key_is_zero(pk))) - goto try_the_md; - return pk; + ri_pk = &node->ri->cache_info.signing_key_cert->signing_key; + if (BUG(ed25519_public_key_is_zero(ri_pk))) + ri_pk = NULL; } } - try_the_md: + if (node->md) { if (node->md->ed25519_identity_pkey) { - return node->md->ed25519_identity_pkey; + md_pk = node->md->ed25519_identity_pkey; } } - return NULL; + + if (ri_pk && md_pk) { + if (ed25519_pubkey_eq(ri_pk, md_pk)) { + return ri_pk; + } else { + log_warn(LD_GENERAL, "Inconsistent ed25519 identities in the nodelist"); + return NULL; + } + } else if (ri_pk) { + return ri_pk; + } else { + return md_pk; + } } /** Return true iff this node's Ed25519 identity matches id.