From 06f1e959c218bfbe0b85bbd0acc59b8f408fbc99 Mon Sep 17 00:00:00 2001
From: Alexander Færøy
Date: Sat, 16 May 2020 15:34:37 +0000
Subject: Add constness to length variables in `tor_tls_cert_matches_key`.
We add constness to `peer_info_orig_len` and `cert_info_orig_len` in `tor_tls_cert_matches_key` to ensure that we don't accidentally alter the variables.
This patch is part of the fix for TROVE-2020-001.
See: https://bugs.torproject.org/33119
---
 src/lib/tls/tortls_nss.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lib/tls/tortls_nss.c b/src/lib/tls/tortls_nss.c
index f7792e07a2..f1ef3ef277 100644
--- a/src/lib/tls/tortls_nss.c
+++ b/src/lib/tls/tortls_nss.c
@@ -739,8 +739,8 @@ tor_tls_cert_matches_key,(const tor_tls_t *tls,
 * in seckey.c in the NSS source tree. This function also does the conversion
 * between bits and bytes.
 */
- unsigned int peer_info_orig_len = peer_info->subjectPublicKey.len;
- unsigned int cert_info_orig_len = cert_info->subjectPublicKey.len;
+ const unsigned int peer_info_orig_len = peer_info->subjectPublicKey.len;
+ const unsigned int cert_info_orig_len = cert_info->subjectPublicKey.len;
 peer_info->subjectPublicKey.len = (peer_info_orig_len >> 3);
 cert_info->subjectPublicKey.len = (cert_info_orig_len >> 3);
-- 
cgit v1.2.3-54-g00ecf
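Review bot: The two `>> 3` conversions on the context lines right after the new `const` declarations round the bit length down, so if either `subjectPublicKey.len` is ever not a multiple of 8, the final partial byte drops out of whatever comparison follows and two keys differing only there would be treated as matching. These lengths presumably come from a certificate the peer supplies, so it is safer to round up, `peer_info->subjectPublicKey.len = (peer_info_orig_len + 7) >> 3;` (and the same for `cert_info`), or to treat any length with `(len & 7) != 0` as a mismatch. Which rounding the referenced NSS code in seckey.c uses should be confirmed before choosing. The rest of `tor_tls_cert_matches_key`, including the comparison and any restoring of the original lengths, lies outside this hunk.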