Backport: fix bug 880: find the end of an authority cert by looking for the first ----END SIGNATURE----- after the first dir-key-certification, not for the first ----END SIGNATURE. Harmless bug, but it made us non-spec-compliant.

svn:r17471
2008-12-03 03:45:23 +00:00 · 2008-12-03 03:45:23 +00:00 · 05c185bec1
parent 0ee5704545
commit 05c185bec1
2 changed files with 9 additions and 1 deletions
--- a/3
+++ b/3
@ -7,6 +7,9 @@ Changes in version 0.2.0.33 - 200?-??-??
    - Compile without warnings on solaris.
    - Avoid potential crash on internal error during signature collection.
      Fixes bug 864.  Patch from rovv.
+    - Correct handling of possible malformed authority signing key
+      certificates with internal signature types.  Fixes bug 880.
+      Bugfix on 0.2.0.3-alpha.

  o Minor features:
    - Report the case where all signatures in a detached set are rejected
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@ -1483,7 +1483,12 @@ authority_cert_parse_from_string(const char *s, const char **end_of_string)
  int found;

  s = eat_whitespace(s);
-  eos = strstr(s, "\n-----END SIGNATURE-----\n");
+  eos = strstr(s, "\ndir-key-certification");
+  if (! eos) {
+    log_warn(LD_DIR, "No signature found on key certificate");
+    return NULL;
+  }
+  eos = strstr(eos, "\n-----END SIGNATURE-----\n");
  if (! eos) {
    log_warn(LD_DIR, "No end-of-signature found on key certificate");
    return NULL;