fix bug 880: find the end of an authority cert by looking for the first ----END SIGNA...

svn:r17470

diff --git a/ChangeLog b/ChangeLog
index 0cc791cea52b28eb425e243c301984fef8e92681..b5438817b6f2229f5863a8a58f0c2dd49951ca46 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -31,6 +31,9 @@ Changes in version 0.2.1.8-alpha - 2008-??-??
       fds when our disk is full.  Fixes bug 861.
     - Stop erroneous use of O_APPEND in cases where we did not in fact
       want to re-seek to the end of a file before every last write().
+    - Correct handling of possible malformed authority signing key
+      certificates with internal signature types.  Fixes bug 880.
+      Bugfix on 0.2.0.3-alpha.
 
   o Minor features:
     - Report the case where all signatures in a detached set are rejected

diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 5230d481e7e5efb64e9bc5335dea126f83bb4343..701012043dc346f7a03f9cb055772bfa869da3d5 100644 (file)
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -1563,7 +1563,12 @@ authority_cert_parse_from_string(const char *s, const char **end_of_string)
   memarea_t *area = NULL;
 
   s = eat_whitespace(s);
-  eos = strstr(s, "\n-----END SIGNATURE-----\n");
+  eos = strstr(s, "\ndir-key-certification");
+  if (! eos) {
+    log_warn(LD_DIR, "No signature found on key certificate");
+    return NULL;
+  }
+  eos = strstr(eos, "\n-----END SIGNATURE-----\n");
   if (! eos) {
     log_warn(LD_DIR, "No end-of-signature found on key certificate");
     return NULL;