authorteor <teor2345@gmail.com>2018-05-02 22:33:21 +1000
committerjuga0 <juga@riseup.net>2018-05-09 15:19:28 +0000
commit867fe40f91b849393b56109586d85e499a53a142 (patch)
treeb85afc445b40676622b0c6b97883451aca81d7e4
parent34e7dca9c9e902a58fe8942cef666f1d99d06030 (diff)
downloadtor-867fe40f91b849393b56109586d85e499a53a142.tar.gz
tor-867fe40f91b849393b56109586d85e499a53a142.zip
Stop logging stack contents when reading a zero-length bandwidth file
When directory authorities read a zero-byte bandwidth file, they log a warning with the contents of an uninitialised buffer. Log a warning about the empty file instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha.
-rw-r--r--changes/bug260075
-rw-r--r--src/or/dirserv.c13
2 files changed, 16 insertions, 2 deletions
diff --git a/changes/bug26007 b/changes/bug26007
new file mode 100644
index 0000000000..efcd15084d
--- /dev/null
+++ b/changes/bug26007
@@ -0,0 +1,5 @@
+ o Major bugfixes (directory authorities, security):
+ - When directory authorities read a zero-byte bandwidth file, they log
+ a warning with the contents of an uninitialised buffer. Log a warning
+ about the empty file instead.
+ Fixes bug 26007; bugfix on 0.2.2.1-alpha.
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index 41c6bf3dc8..94290d5dd8 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -2750,14 +2750,23 @@ dirserv_read_measured_bandwidths(const char *from_file,
time_t file_time, now;
int ok;
+ /* Initialise line, so that we can't possibly run off the end. */
+ memset(line, 0, sizeof(line));
+
if (fp == NULL) {
log_warn(LD_CONFIG, "Can't open bandwidth file at configured location: %s",
from_file);
return -1;
}
- if (!fgets(line, sizeof(line), fp)
- || !strlen(line) || line[strlen(line)-1] != '\n') {
+ /* If fgets fails, line is either unmodified, or indeterminate. */
+ if (!fgets(line, sizeof(line), fp)) {
+ log_warn(LD_DIRSERV, "Empty bandwidth file");
+ fclose(fp);
+ return -1;
+ }
+
+ if (!strlen(line) || line[strlen(line)-1] != '\n') {
log_warn(LD_DIRSERV, "Long or truncated time in bandwidth file: %s",
escaped(line));
fclose(fp);
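Review bot: The new `!fgets(line, sizeof(line), fp)` branch logs "Empty bandwidth file" for every NULL return, but fgets() also returns NULL on a read error, so an I/O failure on a non-empty file would be reported as an empty one. The warning also omits the path, unlike the open-failure warning a few lines above, which makes it harder for an authority operator to act on. Something like `log_warn(LD_DIRSERV, "%s bandwidth file: %s", ferror(fp) ? "Error reading" : "Empty", from_file);` would cover both cases. The memset and the early return do stop the uninitialised buffer from reaching `escaped(line)` in this hunk. The rest of dirserv_read_measured_bandwidths is outside the hunk, so later uses of `line` could not be checked here.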