Fix a spec conformance issue when parsing a ns vote

A vote may only contain exactly one signature. Make sure we reject
votes that violate this.

Problem found by Rotor, who also helped writing the patch. Thanks!

diff --git a/ChangeLog b/ChangeLog
index bfbbaa9796ecdac17fd656d08dfae6741d833642..a3e19b4fdefa948958c1d0432bbc50ec8f964cef 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,8 @@ Changes in version 0.2.2.2-alpha - 2009-09-??
       Found by Matt Edman. Bugfix on 0.2.0.16-alpha.
     - Fix parsing for memory or time units given without a space between
       the number and the unit.  Bugfix on 0.2.2.1-alpha; fixes bug 1076.
+    - A networkstatus vote must contain exactly one signature. Spec
+      conformance issue. Bugfix on 0.2.0.3-alpha.
 
 
 Changes in version 0.2.2.1-alpha - 2009-08-26

diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 4137dd2812b31dd8247322cbcaca4214cebe27f0..aca559c00aca40f6e08b85afb2b01f8687b474e9 100644 (file)
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -2616,6 +2616,10 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
   if (! n_signatures) {
     log_warn(LD_DIR, "No signatures on networkstatus vote.");
     goto err;
+  } else if (ns->type == NS_TYPE_VOTE && n_signatures != 1) {
+    log_warn(LD_DIR, "Received more than one signature on a "
+             "network-status vote.");
+    goto err;
   }
 
   if (eos_out)