Don't init control authchallenge nonce as assert side effect

Fixes part of bug 15211.

changes/bug15211

@@ -1,5 +1,5 @@
   o Minor bugfixes:
     - Remove side-effects from tor_assert() calls. This was harmless,
       because we never disable assertions, but it is bad style and
-      unnecessary. Fixes bug 15211; bugfix on 0.2.5.5.
+      unnecessary. Fixes bug 15211; bugfix on 0.2.5.5, 0.2.2.36.
 

src/or/control.c

@@ -3102,8 +3102,8 @@ handle_control_authchallenge(control_connection_t *conn, uint32_t len,
     tor_free(client_nonce);
     return -1;
   }
-
-  tor_assert(!crypto_rand(server_nonce, SAFECOOKIE_SERVER_NONCE_LEN));
+  int fail = crypto_rand(server_nonce, SAFECOOKIE_SERVER_NONCE_LEN);
+  tor_assert(!fail);
 
   /* Now compute and send the server-to-controller response, and the
    * server's nonce. */