document why we only allow 64 flags in votes

author Nick Mathewson <nickm@torproject.org>

Fri, 14 Sep 2012 14:10:16 +0000 (10:10 -0400)

committer Nick Mathewson <nickm@torproject.org>

Fri, 14 Sep 2012 14:10:16 +0000 (10:10 -0400)
author Nick Mathewson <nickm@torproject.org>
Fri, 14 Sep 2012 14:10:16 +0000 (10:10 -0400)
committer Nick Mathewson <nickm@torproject.org>
Fri, 14 Sep 2012 14:10:16 +0000 (10:10 -0400)
diff --git a/src/or/routerparse.c b/src/or/routerparse.c

index 496b90d4ad412fd38a6eaf71907332779ea7bc0d..43a95e88c1709abf4a685fff19afe649a00221d6 100644 (file)
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -3006,6 +3006,11 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
    }
    if (ns->type != NS_TYPE_CONSENSUS &&
        smartlist_len(ns->known_flags) > MAX_KNOWN_FLAGS_IN_VOTE) {
+    /* If we allowed more than 64 flags in votes, then parsing them would make
+     * us invoke undefined behavior whenever we used 1<<flagnum to do a
+     * bit-shift. This is only for votes and opinions: consensus users don't
+     * care about flags they don't recognize, and so don't build a bitfield
+     * for them. */
      log_warn(LD_DIR, "Too many known-flags in consensus vote or opinion");
      goto err;
    }
author	Nick Mathewson <nickm@torproject.org>
	Fri, 14 Sep 2012 14:10:16 +0000 (10:10 -0400)
committer	Nick Mathewson <nickm@torproject.org>
	Fri, 14 Sep 2012 14:10:16 +0000 (10:10 -0400)