[tor-commits] [tor/master] spec conformance: allow only one cert of each type

nickm at torproject.org nickm at torproject.org
Tue Oct 11 03:22:16 UTC 2011


commit d79ff2ce94ac1e0e4938517403f29c4e9aaf799c
Author: Nick Mathewson <nickm at torproject.org>
Date:   Wed Oct 5 10:44:22 2011 -0400

    spec conformance: allow only one cert of each type
---
 src/or/command.c |   21 +++++++++++++++++----
 1 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/src/or/command.c b/src/or/command.c
index c1e2f5e..3bd6dd7 100644
--- a/src/or/command.c
+++ b/src/or/command.c
@@ -908,14 +908,27 @@ command_process_cert_cell(var_cell_t *cell, or_connection_t *conn)
                "Received undecodable certificate in CERT cell from %s:%d",
                safe_str(conn->_base.address), conn->_base.port);
       } else {
-        if (cert_type == OR_CERT_TYPE_TLS_LINK && !link_cert)
+        if (cert_type == OR_CERT_TYPE_TLS_LINK) {
+          if (link_cert) {
+            tor_cert_free(cert);
+            ERR("Too many TLS_LINK certificates");
+          }
           link_cert = cert;
-        else if (cert_type == OR_CERT_TYPE_ID_1024 && !id_cert)
+        } else if (cert_type == OR_CERT_TYPE_ID_1024) {
+          if (id_cert) {
+            tor_cert_free(cert);
+            ERR("Too many ID_1024 certificates");
+          }
           id_cert = cert;
-        else if (cert_type == OR_CERT_TYPE_AUTH_1024 && !auth_cert)
+        } else if (cert_type == OR_CERT_TYPE_AUTH_1024) {
+          if (auth_cert) {
+            tor_cert_free(cert);
+            ERR("Too many AUTH_1024 certificates");
+          }
           auth_cert = cert;
-        else
+        } else {
           tor_cert_free(cert);
+        }
       }
     }
     ptr += 3 + cert_len;
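Review bot: In each of the three duplicate-certificate branches, `tor_cert_free(cert)` and `ERR(...)` are followed, outside the inner `if`, by the assignment (`link_cert = cert;`, `id_cert = cert;`, `auth_cert = cert;`), so the code is only safe if ERR() always transfers control out of the loop. ERR is defined outside this hunk and presumably jumps to an error path, but nothing on these lines says so; if it ever fell through, the slot would hold a freed pointer and the certificate stored earlier would leak. Putting the assignment in an else arm, e.g. `} else { link_cert = cert; }`, makes the ownership transfer independent of the macro; at minimum add `/* ERR() does not fall through: it leaves via the error path */` above the first use. It is also worth confirming that the error path frees the certificates already held in the other two slots; that cleanup, like the rest of command_process_cert_cell, is outside the hunk.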




