From: Nick Mathewson <nickm@torproject.org>
Date: Fri, 26 Feb 2010 06:02:20 +0000 (-0500)
Subject: Don't believe unauthenticated info in a consensus.
X-Git-Tag: tor-0.2.2.10-alpha~13
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1e1d471002c976477919b2e41fbe62457998e5c0;p=thirdparty%2Ftor.git

Don't believe unauthenticated info in a consensus.

Don't allow anything but directory-signature tokens in a consensus after
the first directory-signature token.  Fixes bug in bandwidth-weights branch.
Found by "outofwords."
---

diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 9e197c4377..99cd29d6d7 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -3075,6 +3075,18 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
     goto err;
   }
 
+  {
+    int found_sig = 0;
+    SMARTLIST_FOREACH_BEGIN(footer_tokens, directory_token_t *, _tok) {
+      if (tok->tp == K_DIRECTORY_SIGNATURE)
+        found_sig = 1;
+      else if (found_sig) {
+        log_warn(LD_DIR, "Extraneous token after first directory-signature");
+        goto err;
+      }
+    } SMARTLIST_FOREACH_END(_tok);
+  }
+
   tok = find_opt_by_keyword(footer_tokens, K_BW_WEIGHTS);
   if (tok) {
     ns->weight_params = smartlist_create();