[tor-commits] [tor/master] Reject votes (not consensuses) with >64 known-flags

nickm at torproject.org nickm at torproject.org
Fri Sep 14 14:12:22 UTC 2012


commit c8b98ba41ce37662cf14fdb3c6a74ae83b8b0bf8
Author: Nick Mathewson <nickm at torproject.org>
Date:   Thu Sep 13 11:45:05 2012 -0400

    Reject votes (not consensuses) with >64 known-flags
    
    Our flag voting code needs to handle unrecognized flags, so it stores
    them in a 64-bit bitfield.  But we never actually checked for too many
    flags, so we were potentially doing stuff like U64_LITERAL(1)<<flagnum
    with flagnum >= 64.  That's undefined behavior.
    
    Fix for bug 6833; bugfix on 0.2.0.1-alpha.
---
 changes/bug6833      |    4 ++++
 src/or/or.h          |    3 +++
 src/or/routerparse.c |    5 +++++
 3 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/changes/bug6833 b/changes/bug6833
new file mode 100644
index 0000000..4a6a5d3
--- /dev/null
+++ b/changes/bug6833
@@ -0,0 +1,4 @@
+  o Minor bugfixes (directory authority):
+    - Reject consensus votes with more than 64 known-flags. We aren't even
+      close to that limit yet, and our code doesn't handle it
+      correctly. Fixes bug 6833; bugfix on 0.2.0.1-alpha.
diff --git a/src/or/or.h b/src/or/or.h
index bb5482b..f7914b8 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2101,6 +2101,9 @@ typedef struct vote_microdesc_hash_t {
 typedef struct vote_routerstatus_t {
   routerstatus_t status; /**< Underlying 'status' object for this router.
                           * Flags are redundant. */
+  /** How many known-flags are allowed in a vote? This is the width of
+   * the flags field of vote_routerstatus_t */
+#define MAX_KNOWN_FLAGS_IN_VOTE 64
   uint64_t flags; /**< Bit-field for all recognized flags; index into
                    * networkstatus_t.known_flags. */
   char *version; /**< The version that the authority says this router is
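Review bot: Nothing ties `MAX_KNOWN_FLAGS_IN_VOTE` to the declared type of `flags` except the wording of the comment, so a later change to the field's width would silently invalidate the bound. According to the commit message, that bound is what keeps `U64_LITERAL(1)<<flagnum` defined. I would state the invariant explicitly next to the macro, for example `/* Must equal the bit width of 'flags' below; shifts by flag index rely on it. */`. The definition of vote_routerstatus_t continues outside this hunk.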
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 22f7d78..496b90d 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -3004,6 +3004,11 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
     log_warn(LD_DIR, "known-flags not in order");
     goto err;
   }
+  if (ns->type != NS_TYPE_CONSENSUS &&
+      smartlist_len(ns->known_flags) > MAX_KNOWN_FLAGS_IN_VOTE) {
+    log_warn(LD_DIR, "Too many known-flags in consensus vote or opinion");
+    goto err;
+  }
 
   tok = find_opt_by_keyword(tokens, K_PARAMS);
   if (tok) {
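Review bot: The added check skips `NS_TYPE_CONSENSUS` without a comment saying why a consensus may carry more than 64 known-flags. The exemption is safe only if no consensus code path shifts by a known-flags index, which cannot be confirmed from this hunk. I would add a comment above the `if`, such as `/* Only votes and opinions keep per-router flags in the 64-bit vote_routerstatus_t.flags bitfield, so only they are bounded here. */`, after verifying that against the consensus-side code. It would also help operators if the warning reported the values, e.g. `"Too many known-flags (%d > %d) in consensus vote or opinion"` with `smartlist_len(ns->known_flags)` and `MAX_KNOWN_FLAGS_IN_VOTE`. The body of networkstatus_parse_vote_from_string starts and ends outside the hunk.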




