diff options
| author | Nick Mathewson <nickm@torproject.org> | 2012-09-14 10:10:23 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2012-09-14 10:10:23 -0400 |
| commit | 286e95f0a5dcebe226f7b1c3372de540b75ea460 (patch) | |
| tree | 771455cec9deb145743b438c58f48251cd75924f | |
| parent | e4ce8cd9691708d9bc0bcc9904d656fe35001946 (diff) | |
| parent | 68caa834f4ed9cae16a551c9fc63ea982c9f1904 (diff) | |
| download | tor-286e95f0a5dcebe226f7b1c3372de540b75ea460.tar tor-286e95f0a5dcebe226f7b1c3372de540b75ea460.tar.gz | |
Merge branch 'bug6833'
| -rw-r--r-- | changes/bug6833 | 4 | ||||
| -rw-r--r-- | src/or/or.h | 3 | ||||
| -rw-r--r-- | src/or/routerparse.c | 10 |
3 files changed, 17 insertions, 0 deletions
diff --git a/changes/bug6833 b/changes/bug6833 new file mode 100644 index 000000000..4a6a5d3bb --- /dev/null +++ b/changes/bug6833 @@ -0,0 +1,4 @@ + o Minor bugfixes (directory authority): + - Reject consensus votes with more than 64 known-flags. We aren't even + close to that limit yet, and our code doesn't handle it + correctly. Fixes bug 6833; bugfix on 0.2.0.1-alpha. diff --git a/src/or/or.h b/src/or/or.h index bb5482bf8..f7914b830 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2101,6 +2101,9 @@ typedef struct vote_microdesc_hash_t { typedef struct vote_routerstatus_t { routerstatus_t status; /**< Underlying 'status' object for this router. * Flags are redundant. */ + /** How many known-flags are allowed in a vote? This is the width of + * the flags field of vote_routerstatus_t */ +#define MAX_KNOWN_FLAGS_IN_VOTE 64 uint64_t flags; /**< Bit-field for all recognized flags; index into * networkstatus_t.known_flags. */ char *version; /**< The version that the authority says this router is diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 22f7d78d8..43a95e88c 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -3004,6 +3004,16 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out, log_warn(LD_DIR, "known-flags not in order"); goto err; } + if (ns->type != NS_TYPE_CONSENSUS && + smartlist_len(ns->known_flags) > MAX_KNOWN_FLAGS_IN_VOTE) { + /* If we allowed more than 64 flags in votes, then parsing them would make + * us invoke undefined behavior whenever we used 1<<flagnum to do a + * bit-shift. This is only for votes and opinions: consensus users don't + * care about flags they don't recognize, and so don't build a bitfield + * for them. */ + log_warn(LD_DIR, "Too many known-flags in consensus vote or opinion"); + goto err; + } tok = find_opt_by_keyword(tokens, K_PARAMS); if (tok) { |