fix bug 880: find the end of an authority cert by looking for the first ----END SIGNATURE----- after the first dir-key-certification, not for the first ----END SIGNATURE. Harmless bug, but it made us non-spec-compliant.

svn:r17470
2024-11-19 18:00:33 +01:00 · 2008-12-03 03:42:19 +00:00 · 2008-12-03 03:42:19 +00:00 · a26188cee9
commit a26188cee9
parent 14fae5f2b3
2 changed files with 9 additions and 1 deletions
--- a/3
+++ b/3
@ -31,6 +31,9 @@ Changes in version 0.2.1.8-alpha - 2008-??-??
      fds when our disk is full.  Fixes bug 861.
    - Stop erroneous use of O_APPEND in cases where we did not in fact
      want to re-seek to the end of a file before every last write().
+    - Correct handling of possible malformed authority signing key
+      certificates with internal signature types.  Fixes bug 880.
+      Bugfix on 0.2.0.3-alpha.

  o Minor features:
    - Report the case where all signatures in a detached set are rejected
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@ -1563,7 +1563,12 @@ authority_cert_parse_from_string(const char *s, const char **end_of_string)
  memarea_t *area = NULL;

  s = eat_whitespace(s);
-  eos = strstr(s, "\n-----END SIGNATURE-----\n");
+  eos = strstr(s, "\ndir-key-certification");
+  if (! eos) {
+    log_warn(LD_DIR, "No signature found on key certificate");
+    return NULL;
+  }
+  eos = strstr(eos, "\n-----END SIGNATURE-----\n");
  if (! eos) {
    log_warn(LD_DIR, "No end-of-signature found on key certificate");
    return NULL;