Move broken primes to dynamic_dh_modulus.broken.

This commit is contained in:
George Kadianakis 2011-11-25 17:39:45 +01:00
parent 4938bcc06a
commit 1df6b5a734

View File

@ -1900,6 +1900,7 @@ crypto_get_stored_dynamic_dh_modulus(const char *fname)
char *contents = NULL; char *contents = NULL;
DH *dh = NULL; DH *dh = NULL;
int dh_codes; int dh_codes;
char *fname_new = NULL;
BIGNUM *dynamic_dh_modulus = BN_new(); BIGNUM *dynamic_dh_modulus = BN_new();
tor_assert(fname); tor_assert(fname);
@ -1951,6 +1952,24 @@ crypto_get_stored_dynamic_dh_modulus(const char *fname)
goto done; goto done;
err: err:
{ /* move broken prime to $filename.broken */
fname_new = tor_malloc(strlen(fname) + 8);
/* no can do if these functions return error */
strlcpy(fname_new, fname, strlen(fname) + 8);
strlcat(fname_new, ".broken", strlen(fname) + 8);
log_warn(LD_GENERAL, "Moving broken dynamic DH prime to '%s'.", fname_new);
if (replace_file(fname, fname_new))
log_warn(LD_GENERAL, "Error while moving '%s' to '%s'.", fname, fname_new);
tor_free(fname_new);
}
if (dynamic_dh_modulus) { if (dynamic_dh_modulus) {
BN_free(dynamic_dh_modulus); BN_free(dynamic_dh_modulus);
dynamic_dh_modulus = NULL; dynamic_dh_modulus = NULL;