From: Nick Mathewson Date: Wed, 15 Jul 2015 14:45:40 +0000 (-0400) Subject: Don't allow INIT_ED_KEY_{NO_REPAIR,NEEDCERT} to be used together. X-Git-Tag: tor-0.2.7.2-alpha~32^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c4ab8f74da5cb1bc3b2a484b7316eb5e8f9aeb87;p=thirdparty%2Ftor.git Don't allow INIT_ED_KEY_{NO_REPAIR,NEEDCERT} to be used together. We haven't implemented NO_REPAIR for NEEDCERT, and we don't need it: but it's safest to stop any attempt to use it that way. --- diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c index 77bbcfd49f..c9afad9b6b 100644 --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@ -196,6 +196,10 @@ ed_key_init_from_file(const char *fname, uint32_t flags, const int encrypt_key = (flags & INIT_ED_KEY_TRY_ENCRYPTED); const int norepair = (flags & INIT_ED_KEY_NO_REPAIR); + /* we don't support setting both of these flags at once. */ + tor_assert((flags & (INIT_ED_KEY_NO_REPAIR|INIT_ED_KEY_NEEDCERT)) != + (INIT_ED_KEY_NO_REPAIR|INIT_ED_KEY_NEEDCERT)); + char tag[8]; tor_snprintf(tag, sizeof(tag), "type%d", (int)cert_type);