fix bug 5572

src/or/config.c

@@ -1332,6 +1332,7 @@ options_act(const or_options_t *old_options)
   or_options_t *options = get_options_mutable();
   int running_tor = options->command == CMD_RUN_TOR;
   char *msg;
+  char *keydir;
   const int transition_affects_workers =
     old_options && options_transition_affects_workers(old_options, options);
 
@@ -1462,6 +1463,12 @@ options_act(const or_options_t *old_options)
     if (!old_options) {
       if (options->DynamicDHGroups) {
         char *fname = get_datadir_fname2("keys", "dynamic_dh_params");
+        keydir = get_datadir_fname("keys");
+        if (check_private_dir(keydir, CPD_CREATE, options->User)) {
+          tor_free(keydir);
+          return -1;
+        }
+        tor_free(keydir);
         crypto_set_tls_dh_prime(fname);
         tor_free(fname);
       } else {
@@ -1470,6 +1477,12 @@ options_act(const or_options_t *old_options)
     } else {
       if (options->DynamicDHGroups && !old_options->DynamicDHGroups) {
         char *fname = get_datadir_fname2("keys", "dynamic_dh_params");
+        keydir = get_datadir_fname("keys");
+        if (check_private_dir(keydir, CPD_CREATE, options->User)) {
+          tor_free(keydir);
+          return -1;
+        }
+        tor_free(keydir);
         crypto_set_tls_dh_prime(fname);
         tor_free(fname);
       } else if (!options->DynamicDHGroups && old_options->DynamicDHGroups) {