spec conformance: allow only one cert of each type
authorNick Mathewson <nickm@torproject.org>
Wed, 5 Oct 2011 14:44:22 +0000 (10:44 -0400)
committerNick Mathewson <nickm@torproject.org>
Tue, 11 Oct 2011 03:14:31 +0000 (23:14 -0400)
src/or/command.c

index c1e2f5e8e92969d2c1635e07f5b7d6f8ec6d2bfc..3bd6dd7fd39fd1c84ebbe87c791c6590c53717df 100644 (file)
@@ -908,14 +908,27 @@ command_process_cert_cell(var_cell_t *cell, or_connection_t *conn)
                "Received undecodable certificate in CERT cell from %s:%d",
                safe_str(conn->_base.address), conn->_base.port);
       } else {
-        if (cert_type == OR_CERT_TYPE_TLS_LINK && !link_cert)
+        if (cert_type == OR_CERT_TYPE_TLS_LINK) {
+          if (link_cert) {
+            tor_cert_free(cert);
+            ERR("Too many TLS_LINK certificates");
+          }
           link_cert = cert;
-        else if (cert_type == OR_CERT_TYPE_ID_1024 && !id_cert)
+        } else if (cert_type == OR_CERT_TYPE_ID_1024) {
+          if (id_cert) {
+            tor_cert_free(cert);
+            ERR("Too many ID_1024 certificates");
+          }
           id_cert = cert;
-        else if (cert_type == OR_CERT_TYPE_AUTH_1024 && !auth_cert)
+        } else if (cert_type == OR_CERT_TYPE_AUTH_1024) {
+          if (auth_cert) {
+            tor_cert_free(cert);
+            ERR("Too many AUTH_1024 certificates");
+          }
           auth_cert = cert;
-        else
+        } else {
           tor_cert_free(cert);
+        }
       }
     }
     ptr += 3 + cert_len;
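Review bot: In each duplicate-certificate branch, `tor_cert_free(cert);` is followed by `ERR(...)` and then by the unconditional `link_cert = cert;` (likewise `id_cert = cert;` and `auth_cert = cert;`), so these branches are memory-safe only if ERR() never falls through. The macro's definition is outside this hunk; if it did not transfer control (presumably it jumps to an error label), the slot would be overwritten with a freed pointer and the earlier certificate leaked. I would make that dependency visible with a comment such as `/* ERR() does not return here: it jumps to the error path */`, or move each assignment into an `else` so the branch is safe by construction. It is also worth confirming that the error path frees whichever of link_cert, id_cert and auth_cert were already stored, since a peer can now reach it after supplying valid certificates. command_process_cert_cell starts and ends outside the hunk.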