[or-cvs] [tor/master] Don't believe unauthenticated info in a consensus.

[nickm at torproject.org]

Author: Nick Mathewson <nickm at torproject.org>
Date: Fri, 26 Feb 2010 01:02:20 -0500
Subject: Don't believe unauthenticated info in a consensus.
Commit: 1e1d471002c976477919b2e41fbe62457998e5c0

Don't allow anything but directory-signature tokens in a consensus after
the first directory-signature token.  Fixes bug in bandwidth-weights branch.
Found by "outofwords."
---
 src/or/routerparse.c |   12 ++++++++++++
 1 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 9e197c4..99cd29d 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -3075,6 +3075,18 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
     goto err;
   }
 
+  {
+    int found_sig = 0;
+    SMARTLIST_FOREACH_BEGIN(footer_tokens, directory_token_t *, _tok) {
+      if (tok->tp == K_DIRECTORY_SIGNATURE)
+        found_sig = 1;
+      else if (found_sig) {
+        log_warn(LD_DIR, "Extraneous token after first directory-signature");
+        goto err;
+      }
+    } SMARTLIST_FOREACH_END(_tok);
+  }
+
   tok = find_opt_by_keyword(footer_tokens, K_BW_WEIGHTS);
   if (tok) {
     ns->weight_params = smartlist_create();
-- 
1.6.5