diff options
| author | Alexander Færøy <ahf@torproject.org> | 2020-05-16 15:34:37 +0000 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2020-07-06 16:19:16 -0400 |
| commit | 06f1e959c218bfbe0b85bbd0acc59b8f408fbc99 (patch) | |
| tree | 43a4659e60523b3327592a2fe50177aac0dd9dc3 | |
| parent | b46984e97ec4064ac8178ea9b3bf6985a4f2f632 (diff) | |
| download | tor-06f1e959c218bfbe0b85bbd0acc59b8f408fbc99.tar.gz tor-06f1e959c218bfbe0b85bbd0acc59b8f408fbc99.zip | |
Add constness to length variables in `tor_tls_cert_matches_key`.
We add constness to `peer_info_orig_len` and `cert_info_orig_len` in
`tor_tls_cert_matches_key` to ensure that we don't accidentally alter
the variables.
This patch is part of the fix for TROVE-2020-001.
See: https://bugs.torproject.org/33119
| -rw-r--r-- | src/lib/tls/tortls_nss.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/tls/tortls_nss.c b/src/lib/tls/tortls_nss.c index f7792e07a2..f1ef3ef277 100644 --- a/src/lib/tls/tortls_nss.c +++ b/src/lib/tls/tortls_nss.c @@ -739,8 +739,8 @@ tor_tls_cert_matches_key,(const tor_tls_t *tls, * in seckey.c in the NSS source tree. This function also does the conversion * between bits and bytes. */ - unsigned int peer_info_orig_len = peer_info->subjectPublicKey.len; - unsigned int cert_info_orig_len = cert_info->subjectPublicKey.len; + const unsigned int peer_info_orig_len = peer_info->subjectPublicKey.len; + const unsigned int cert_info_orig_len = cert_info->subjectPublicKey.len; peer_info->subjectPublicKey.len = (peer_info_orig_len >> 3); cert_info->subjectPublicKey.len = (cert_info_orig_len >> 3); |