[tor-commits] [tor/master] Correctly reject packages lines with empty entries

nickm at torproject.org nickm at torproject.org
Fri Jan 30 12:37:04 UTC 2015 

commit bd630a899a1ff7658a0c52327fa3cce59e7213b4
Author: Nick Mathewson <nickm at torproject.org>
Date:   Thu Jan 29 14:04:57 2015 -0500

    Correctly reject packages lines with empty entries
---
 src/or/dirserv.c    |   42 +++++++++++++++++++++++++++++-------------
 src/test/test_dir.c |    7 +++++++
 2 files changed, 36 insertions(+), 13 deletions(-)

diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index 3785d9a..5c59fc7 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -3300,22 +3300,38 @@ validate_recommended_package_line(const char *line)
   WORD(); /* Skip URL */
   ++cp;
 
-  /* Skip digestname=digestval + */
-  int foundeq = 0;
-  while (*cp) {
-    if (*cp == ' ') {
-      if (!foundeq)
-        return 0;
-      foundeq = 0;
-    } else if (*cp == '=') {
-      if (++foundeq > 1)
-        return 0;
-    }
-    ++cp;
+  /* Skip digesttype=digestval + */
+  int n_entries = 0;
+  while (1) {
+    const char *start_of_word = cp;
+    const char *end_of_word = strchr(cp, ' ');
+    if (! end_of_word)
+      end_of_word = cp + strlen(cp);
+
+    if (start_of_word == end_of_word)
+      return 0;
+
+    const char *eq = memchr(start_of_word, '=', end_of_word - start_of_word);
+
+    if (!eq)
+      return 0;
+    if (eq == start_of_word)
+      return 0;
+    if (eq == end_of_word - 1)
+      return 0;
+    if (memchr(eq+1, '=', end_of_word - (eq+1)))
+      return 0;
+
+    ++n_entries;
+    if (0 == *end_of_word)
+      break;
+
+    cp = end_of_word + 1;
   }
 
-  if (!foundeq)
+  if (n_entries == 0)
     return 0;
+
   return 1;
 }
 
diff --git a/src/test/test_dir.c b/src/test/test_dir.c
index 7d3d414..efc3ec7 100644
--- a/src/test/test_dir.c
+++ b/src/test/test_dir.c
@@ -2961,6 +2961,13 @@ test_dir_packages(void *arg)
   BAD("tor ");
   BAD("tor");
   BAD("");
+  BAD("=foobar sha256="
+      "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7");
+  BAD("= = sha256="
+      "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7");
+
+  BAD("sha512= sha256="
+      "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7");
 
   votes = smartlist_new();
   smartlist_add(votes, tor_malloc_zero(sizeof(networkstatus_t)));

More information about the tor-commits mailing list