From 15cd79f83232d8be84992f809cd1951939d1d5ee Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 3 Jul 2013 12:01:37 -0400 Subject: FIx undefined behavior in dirvote.c Fix a bug in the voting algorithm that could yield incorrect results when a non-naming authority declared too many flags. Fixes bug 9200; bugfix on 0.2.0.3-alpha. Found by coverity scan. --- src/or/dirvote.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/or') diff --git a/src/or/dirvote.c b/src/or/dirvote.c index 0c386e604..7537fb8b2 100644 --- a/src/or/dirvote.c +++ b/src/or/dirvote.c @@ -1727,7 +1727,8 @@ networkstatus_compute_consensus(smartlist_t *votes, if (rs->flags & (U64_LITERAL(1) << i)) ++flag_counts[flag_map[v_sl_idx][i]]; } - if (rs->flags & (U64_LITERAL(1) << named_flag[v_sl_idx])) { + if (named_flag[v_sl_idx] >= 0 && + (rs->flags & (U64_LITERAL(1) << named_flag[v_sl_idx]))) { if (chosen_name && strcmp(chosen_name, rs->status.nickname)) { log_notice(LD_DIR, "Conflict on naming for router: %s vs %s", chosen_name, rs->status.nickname); -- cgit v1.2.3