diff options
| -rw-r--r-- | changes/cov479 | 5 | ||||
| -rw-r--r-- | changes/cov484 | 4 | ||||
| -rw-r--r-- | src/common/crypto.c | 4 | ||||
| -rw-r--r-- | src/or/main.c | 3 |
4 files changed, 15 insertions, 1 deletions
diff --git a/changes/cov479 b/changes/cov479 new file mode 100644 index 000000000..afbaffc63 --- /dev/null +++ b/changes/cov479 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Fix internal bug-checking logic that was supposed to catch + failures in digest generation so that it will fail more robustly + if we ask for a nonexistent algorithm. Found by Coverity Scan. + Bugfix on 0.2.2.1-alpha; fixes Coverity CID 479. diff --git a/changes/cov484 b/changes/cov484 new file mode 100644 index 000000000..33adbda18 --- /dev/null +++ b/changes/cov484 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Report any failure in init_keys() calls done because our IP address + has changed. Spotted by Coverity Scan. Bugfix on 0.1.1.4-alpha; + fixes CID 484. diff --git a/src/common/crypto.c b/src/common/crypto.c index 851f11bf3..235bd88ff 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -1663,6 +1663,10 @@ crypto_digest_get_digest(crypto_digest_env_t *digest, SHA256_Final(r, &tmpenv.d.sha2); break; default: + log_warn(LD_BUG, "Called with unknown algorithm %d", digest->algorithm); + /* If fragile_assert is not enabled, then we should at least not + * leak anything. */ + memset(r, 0xff, sizeof(r)); tor_fragile_assert(); break; } diff --git a/src/or/main.c b/src/or/main.c index 95acea4f5..b1159746a 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -1378,7 +1378,8 @@ ip_address_changed(int at_interface) if (at_interface) { if (! server) { /* Okay, change our keys. */ - init_keys(); + if (init_keys()<0) + log_warn(LD_GENERAL, "Unable to rotate keys after IP change!"); } } else { if (server) { |