From a26188cee96f3a3224f92e1573c692e318ebf1b2 Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Wed, 3 Dec 2008 03:42:19 +0000
Subject: [PATCH] fix bug 880: find the end of an authority cert by looking for the first ----END SIGNATURE----- after the first dir-key-certification, not for the first ----END SIGNATURE. Harmless bug, but it made us non-spec-compliant. svn:r17470
---
 ChangeLog | 3 +++
 src/or/routerparse.c | 7 ++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 0cc791cea5..b5438817b6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -31,6 +31,9 @@ Changes in version 0.2.1.8-alpha - 2008-??-??
 fds when our disk is full. Fixes bug 861.
 - Stop erroneous use of O_APPEND in cases where we did not in fact want to re-seek to the end of a file before every last write().
+ - Correct handling of possible malformed authority signing key
+ certificates with internal signature types. Fixes bug 880.
+ Bugfix on 0.2.0.3-alpha.
 o Minor features:
 - Report the case where all signatures in a detached set are rejected
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 5230d481e7..701012043d 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -1563,7 +1563,12 @@ authority_cert_parse_from_string(const char *s, const char **end_of_string)
 memarea_t *area = NULL;
 s = eat_whitespace(s);
- eos = strstr(s, "\n-----END SIGNATURE-----\n");
+ eos = strstr(s, "\ndir-key-certification");
+ if (! eos) {
+ log_warn(LD_DIR, "No signature found on key certificate");
+ return NULL;
+ }
+ eos = strstr(eos, "\n-----END SIGNATURE-----\n");
 if (! eos) {
 log_warn(LD_DIR, "No end-of-signature found on key certificate");
 return NULL;
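Review bot: The new `strstr(s, "\ndir-key-certification")` in authority_cert_parse_from_string is a prefix match over the whole remaining input, so a line that merely begins with that string, or the certification line of a later certificate when several are concatenated in `s`, also decides where `eos` lands. Because `eos` bounds the bytes of untrusted directory data that are then treated as one certificate, it is worth confirming that the tokenizer below rejects both cases, or matching the keyword together with its terminator. A comment above the two searches would help the next reader, for example `/* End of cert: first END SIGNATURE after dir-key-certification; an earlier object may carry its own signature block. */`. The function starts and ends outside the hunk, so the later checks are not visible here.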