[tor-commits] [tor/maint-0.3.2] Forbid "-0" as a protocol version.
nickm at torproject.org
nickm at torproject.org
Sat Mar 3 13:17:12 UTC 2018
commit 8b405c609e82fbfb5470967fc4c45165c708e72b
Author: Nick Mathewson <nickm at torproject.org>
Date: Thu Feb 15 08:46:13 2018 -0500
Forbid "-0" as a protocol version.
Fixes part of 24249; bugfix on 0.2.9.4-alpha.
---
changes/bug25249 | 3 +++
src/or/protover.c | 9 +++++++++
src/test/test_protover.c | 6 ++++--
3 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/changes/bug25249 b/changes/bug25249
new file mode 100644
index 000000000..b4153eeae
--- /dev/null
+++ b/changes/bug25249
@@ -0,0 +1,3 @@
+ o Minor bugfixes (spec conformance):
+ - Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
+ 0.2.9.4-alpha.
diff --git a/src/or/protover.c b/src/or/protover.c
index e63036f78..f32316f8e 100644
--- a/src/or/protover.c
+++ b/src/or/protover.c
@@ -123,6 +123,11 @@ parse_version_range(const char *s, const char *end_of_range,
if (BUG(!end_of_range))
end_of_range = s + strlen(s); // LCOV_EXCL_LINE
+ /* A range must start with a digit. */
+ if (!TOR_ISDIGIT(*s)) {
+ goto error;
+ }
+
/* Note that this wouldn't be safe if we didn't know that eventually,
* we'd hit a NUL */
low = (uint32_t) tor_parse_ulong(s, 10, 0, UINT32_MAX, &ok, &next);
@@ -138,7 +143,11 @@ parse_version_range(const char *s, const char *end_of_range,
if (*next != '-')
goto error;
s = next+1;
+
/* ibid */
+ if (!TOR_ISDIGIT(*s)) {
+ goto error;
+ }
high = (uint32_t) tor_parse_ulong(s, 10, 0, UINT32_MAX, &ok, &next);
if (!ok)
goto error;
diff --git a/src/test/test_protover.c b/src/test/test_protover.c
index 609003a83..4c41b6db6 100644
--- a/src/test/test_protover.c
+++ b/src/test/test_protover.c
@@ -151,11 +151,11 @@ test_protover_vote(void *arg)
tt_str_op(result, OP_EQ, "");
tor_free(result);
- /* This fails in Rust, but not in C */
+ /* This fails, since "-0" is not valid. */
smartlist_clear(lst);
smartlist_add(lst, (void*) "Faux=-0");
result = protover_compute_vote(lst, 1);
- tt_str_op(result, OP_EQ, "Faux=0");
+ tt_str_op(result, OP_EQ, "");
tor_free(result);
/* Vote large protover lists that are just below the threshold */
@@ -301,6 +301,8 @@ test_protover_vote_roundtrip(void *args)
{ "Link=1,fred", NULL },
{ "Link=1,fred,3", NULL },
{ "Link=1,9-8,3", NULL },
+ { "Faux=-0", NULL },
+ { "Faux=0--0", NULL },
// "These fail at the splitting stage in Rust, but the number parsing
// stage in C."
{ "Faux=-1", NULL },
More information about the tor-commits
mailing list