Merge branch 'bug27772_squashed'

2 files changed, 9 insertions, 2 deletions

diff --git a/src/feature/dirparse/policy_parse.c b/src/feature/dirparse/policy_parse.c
index e102a62282..f9102dd873 100644
--- a/src/feature/dirparse/policy_parse.c
+++ b/src/feature/dirparse/policy_parse.c
@@ -168,7 +168,14 @@ router_parse_addr_policy(directory_token_t *tok, unsigned fmt_flags)
     return NULL;
   }
 
-  return addr_policy_get_canonical_entry(&newe);
+  addr_policy_t *result = addr_policy_get_canonical_entry(&newe);
+  /* It would be a nasty error to return 'newe', and sometimes
+   * addr_policy_get_canonical_entry() can return its argument.  But in this
+   * case, it won't, since newe is *not* canonical.  We assert here to make
+   * sure that the compiler knows it too.
+   */
+  tor_assert(result != &newe);
+  return result;
 }
 
 /** Parse an exit policy line of the format "accept[6]/reject[6] private:...".
@@ -215,4 +222,3 @@ router_parse_addr_policy_private(directory_token_t *tok)
 
   return addr_policy_get_canonical_entry(&result);
 }
-
diff --git a/src/feature/nodelist/torcert.c b/src/feature/nodelist/torcert.c
index 675d5c97b7..9962ed653f 100644
--- a/src/feature/nodelist/torcert.c
+++ b/src/feature/nodelist/torcert.c
@@ -51,6 +51,7 @@ tor_cert_sign_impl(const ed25519_keypair_t *signing_key,
   tor_cert_t *torcert = NULL;
 
   ed25519_cert_t *cert = ed25519_cert_new();
+  tor_assert(cert); // Trunnel's new functions can return NULL.
   cert->cert_type = cert_type;
   cert->exp_field = (uint32_t) CEIL_DIV(now + lifetime, 3600);
   cert->cert_key_type = signed_key_type;