Correctly reject packages lines with empty entries

This commit is contained in:
Nick Mathewson 2015-01-29 14:04:57 -05:00
parent f935ee2dae
commit bd630a899a
2 changed files with 36 additions and 13 deletions

View File

@ -3300,22 +3300,38 @@ validate_recommended_package_line(const char *line)
WORD(); /* Skip URL */ WORD(); /* Skip URL */
++cp; ++cp;
/* Skip digestname=digestval + */ /* Skip digesttype=digestval + */
int foundeq = 0; int n_entries = 0;
while (*cp) { while (1) {
if (*cp == ' ') { const char *start_of_word = cp;
if (!foundeq) const char *end_of_word = strchr(cp, ' ');
return 0; if (! end_of_word)
foundeq = 0; end_of_word = cp + strlen(cp);
} else if (*cp == '=') {
if (++foundeq > 1) if (start_of_word == end_of_word)
return 0; return 0;
}
++cp; const char *eq = memchr(start_of_word, '=', end_of_word - start_of_word);
if (!eq)
return 0;
if (eq == start_of_word)
return 0;
if (eq == end_of_word - 1)
return 0;
if (memchr(eq+1, '=', end_of_word - (eq+1)))
return 0;
++n_entries;
if (0 == *end_of_word)
break;
cp = end_of_word + 1;
} }
if (!foundeq) if (n_entries == 0)
return 0; return 0;
return 1; return 1;
} }

View File

@ -2961,6 +2961,13 @@ test_dir_packages(void *arg)
BAD("tor "); BAD("tor ");
BAD("tor"); BAD("tor");
BAD(""); BAD("");
BAD("=foobar sha256="
"3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7");
BAD("= = sha256="
"3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7");
BAD("sha512= sha256="
"3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7");
votes = smartlist_new(); votes = smartlist_new();
smartlist_add(votes, tor_malloc_zero(sizeof(networkstatus_t))); smartlist_add(votes, tor_malloc_zero(sizeof(networkstatus_t)));