commit 96d2a21683cdfe25b549e13fa450d4b12fb945b2 Author: Nick Mathewson nickm@torproject.org Date: Mon Sep 17 09:52:43 2012 -0400

Avoid sign-extending when computing rend auth type.

Right-shifting negative values has implementation-defined behavior. On all the platforms we work on right now, the behavior is to sign-extend the input. That isn't what we wanted in

auth_type_val = (descriptor_cookie_tmp[16] >> 4) + 1;

Fix for 6861; bugfix on 0.2.1.5-alpha; reported pseudonymously.

The broken behavior didn't actually hurt anything, I think, since the only way to get sign-extension to happen would be to have the top bit of descriptor_cookie_tmp[16] set, which would make the value of descriptor_cookie_tmp[16] >> 4 somewhere between 0b11111111 and 0b11111000 (that is, between -1 and -8). So auth_type_val would be between -7 and 0. And the immediate next line does:

if (auth_type_val < 1 || auth_type_val > 2) {

So the incorrectly computed auth_type_val would be rejected as invalid, just as a correctly computed auth_type_val would be.

Still, this stuff shouldn't sit around the codebase. --- changes/bug6861 | 3 +++ src/or/rendclient.c | 2 +- 2 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/changes/bug6861 b/changes/bug6861 new file mode 100644 index 0000000..1040bd7 --- /dev/null +++ b/changes/bug6861 @@ -0,0 +1,3 @@ + o Minor bugfixes: + - Fix handling of rendezvous client authorization types over 8. + Fixes bug 6841; bugfix on 0.2.1.5-alpha. diff --git a/src/or/rendclient.c b/src/or/rendclient.c index 73e1c41..2104a5b 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -1250,7 +1250,7 @@ rend_parse_service_authorization(const or_options_t *options, descriptor_cookie); goto err; } - auth_type_val = (descriptor_cookie_tmp[16] >> 4) + 1; + auth_type_val = (((uint8_t)descriptor_cookie_tmp[16]) >> 4) + 1; if (auth_type_val < 1 || auth_type_val > 2) { log_warn(LD_CONFIG, "Authorization cookie has unknown authorization " "type encoded.");