Move broken primes to dynamic_dh_modulus.broken.

2024-11-24 12:23:32 +01:00 · 2011-11-25 17:39:45 +01:00 · 2011-11-25 17:39:45 +01:00 · 1df6b5a734
commit 1df6b5a734
parent 4938bcc06a
1 changed files with 19 additions and 0 deletions
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@ -1900,6 +1900,7 @@ crypto_get_stored_dynamic_dh_modulus(const char *fname)
  char *contents = NULL;
  DH *dh = NULL;
  int dh_codes;
+  char *fname_new = NULL;
  BIGNUM *dynamic_dh_modulus = BN_new();

  tor_assert(fname);
@ -1951,6 +1952,24 @@ crypto_get_stored_dynamic_dh_modulus(const char *fname)
  goto done;

 err:
+
+  { /* move broken prime to $filename.broken */
+
+    fname_new = tor_malloc(strlen(fname) + 8);
+
+    /* no can do if these functions return error */
+    strlcpy(fname_new, fname, strlen(fname) + 8);
+    strlcat(fname_new, ".broken", strlen(fname) + 8);
+
+    log_warn(LD_GENERAL, "Moving broken dynamic DH prime to '%s'.", fname_new);
+
+    if (replace_file(fname, fname_new))
+      log_warn(LD_GENERAL, "Error while moving '%s' to '%s'.", fname, fname_new);
+
+    tor_free(fname_new);
+
+  }
+
  if (dynamic_dh_modulus) {
    BN_free(dynamic_dh_modulus);
    dynamic_dh_modulus = NULL;