commit 7757679a8828d7f999b0e0a5594d213df027693b
parent 33a54e79a1124a4fbbcc23789e1a32b12c6d621c
Author: David Goulet <dgoulet@torproject.org>
Date: Wed, 11 Feb 2026 16:37:16 +0000
Merge branch 'bugfix/routerkeys-family-key' into 'main'
relay: refuse to overwrite existing family ID key
Closes #41184
See merge request tpo/core/tor!984
Diffstat:
2 files changed, 13 insertions(+), 0 deletions(-)
diff --git a/changes/bugfix-41184 b/changes/bugfix-41184
@@ -0,0 +1,3 @@
+ o Minor bugfixes (relay) (bugfix on 0.4.9.x):
+ - Refuse to overwrite an existing *.secret_family_key when running
+ tor --keygen-family. Fixes bug 41184; bugfix on 0.4.9.x.
diff --git a/src/feature/relay/routerkeys.c b/src/feature/relay/routerkeys.c
@@ -877,6 +877,16 @@ create_family_id_key(const char *fname, ed25519_public_key_t *pk_out)
{
int r = -1;
ed25519_keypair_t *kp = tor_malloc_zero(sizeof(ed25519_keypair_t));
+
+ /* Refuse to overwrite an existing family key */
+ if (file_status(fname) == FN_FILE) {
+ log_warn(LD_GENERAL,
+ "Family key file '%s' already exists. "
+ "Refusing to overwrite existing family key.",
+ fname);
+ goto done;
+ }
+
if (ed25519_keypair_generate(kp, 1) < 0) {
log_warn(LD_BUG, "Can't generate ed25519 key!");
goto done;
