1 files changed, 12 insertions, 10 deletions

diff --git a/src/feature/relay/router.c b/src/feature/relay/router.c
index 51ced6289d..ab0762e17e 100644
--- a/src/feature/relay/router.c
+++ b/src/feature/relay/router.c
@@ -284,19 +284,17 @@ construct_ntor_key_map(void)
 {
   di_digest256_map_t *m = NULL;
 
-  if (!fast_mem_is_zero((const char*)
-                       curve25519_onion_key.pubkey.public_key,
-                       CURVE25519_PUBKEY_LEN)) {
-    dimap_add_entry(&m,
-                    curve25519_onion_key.pubkey.public_key,
+  const uint8_t *cur_pk = curve25519_onion_key.pubkey.public_key;
+  const uint8_t *last_pk = last_curve25519_onion_key.pubkey.public_key;
+
+  if (!fast_mem_is_zero((const char *)cur_pk, CURVE25519_PUBKEY_LEN)) {
+    dimap_add_entry(&m, cur_pk,
                     tor_memdup(&curve25519_onion_key,
                                sizeof(curve25519_keypair_t)));
   }
-  if (!fast_mem_is_zero((const char*)
-                          last_curve25519_onion_key.pubkey.public_key,
-                       CURVE25519_PUBKEY_LEN)) {
-    dimap_add_entry(&m,
-                    last_curve25519_onion_key.pubkey.public_key,
+  if (!fast_mem_is_zero((const char*)last_pk, CURVE25519_PUBKEY_LEN) &&
+      tor_memneq(cur_pk, last_pk, CURVE25519_PUBKEY_LEN)) {
+    dimap_add_entry(&m, last_pk,
                     tor_memdup(&last_curve25519_onion_key,
                                sizeof(curve25519_keypair_t)));
   }
@@ -3465,6 +3463,10 @@ router_free_all(void)
   crypto_pk_free(server_identitykey);
   crypto_pk_free(client_identitykey);
 
+  /* Destroying a locked mutex is undefined behaviour. This mutex may be
+   * locked, because multiple threads can access it. But we need to destroy
+   * it, otherwise re-initialisation will trigger undefined behaviour.
+   * See #31735 for details. */
   tor_mutex_free(key_lock);
   routerinfo_free(desc_routerinfo);
   extrainfo_free(desc_extrainfo);