Correctly reject packages lines with empty entries

diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index 3785d9adeea73905a52246bd1681dcf2c1758a05..5c59fc7a5ef0d416df00710f5b0a5734996a1374 100644 (file)
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -3300,22 +3300,38 @@ validate_recommended_package_line(const char *line)
   WORD(); /* Skip URL */
   ++cp;
 
-  /* Skip digestname=digestval + */
-  int foundeq = 0;
-  while (*cp) {
-    if (*cp == ' ') {
-      if (!foundeq)
-        return 0;
-      foundeq = 0;
-    } else if (*cp == '=') {
-      if (++foundeq > 1)
-        return 0;
-    }
-    ++cp;
+  /* Skip digesttype=digestval + */
+  int n_entries = 0;
+  while (1) {
+    const char *start_of_word = cp;
+    const char *end_of_word = strchr(cp, ' ');
+    if (! end_of_word)
+      end_of_word = cp + strlen(cp);
+
+    if (start_of_word == end_of_word)
+      return 0;
+
+    const char *eq = memchr(start_of_word, '=', end_of_word - start_of_word);
+
+    if (!eq)
+      return 0;
+    if (eq == start_of_word)
+      return 0;
+    if (eq == end_of_word - 1)
+      return 0;
+    if (memchr(eq+1, '=', end_of_word - (eq+1)))
+      return 0;
+
+    ++n_entries;
+    if (0 == *end_of_word)
+      break;
+
+    cp = end_of_word + 1;
   }
 
-  if (!foundeq)
+  if (n_entries == 0)
     return 0;
+
   return 1;
 }
 

diff --git a/src/test/test_dir.c b/src/test/test_dir.c
index 7d3d41401db0d64c68bec2e90e91d8d096d5b1d7..efc3ec79407b5b0e54dd930c9433f2d18b57ee14 100644 (file)
--- a/src/test/test_dir.c
+++ b/src/test/test_dir.c
@@ -2961,6 +2961,13 @@ test_dir_packages(void *arg)
   BAD("tor ");
   BAD("tor");
   BAD("");
+  BAD("=foobar sha256="
+      "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7");
+  BAD("= = sha256="
+      "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7");
+
+  BAD("sha512= sha256="
+      "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7");
 
   votes = smartlist_new();
   smartlist_add(votes, tor_malloc_zero(sizeof(networkstatus_t)));