diff options
author | George Kadianakis <desnacked@riseup.net> | 2016-05-24 13:56:39 +0300 |
---|---|---|
committer | David Goulet <dgoulet@torproject.org> | 2016-07-01 14:01:41 -0400 |
commit | f6f4668b1d0dec1a9afc25ef9d7fcd884cc55608 (patch) | |
tree | bba407b7797dd7ad4874dd38170e32787198d023 | |
parent | 5fe9a50c310b8af4c9447475ec9e3748b24984f0 (diff) | |
download | tor-f6f4668b1d0dec1a9afc25ef9d7fcd884cc55608.tar.gz tor-f6f4668b1d0dec1a9afc25ef9d7fcd884cc55608.zip |
prop250: Don't reject votes containing commits of unknown dirauths.
Instead just ignore those commits.
Squash this commit with 33b2ade.
-rw-r--r-- | src/or/shared_random.c | 19 | ||||
-rw-r--r-- | src/test/test_shared_random.c | 8 |
2 files changed, 14 insertions, 13 deletions
diff --git a/src/or/shared_random.c b/src/or/shared_random.c index 8427b680a7..7da6daf62f 100644 --- a/src/or/shared_random.c +++ b/src/or/shared_random.c @@ -599,6 +599,16 @@ should_keep_commit(const sr_commit_t *commit, const char *voter_key, goto ignore; } + /* Let's make sure, for extra safety, that this fingerprint is known to + * us. Even though this comes from a vote, doesn't hurt to be + * extracareful. */ + if (trusteddirserver_get_by_v3_auth_digest(commit->rsa_identity) == NULL) { + log_warn(LD_DIR, "SR: Fingerprint %s is not from a recognized " + "authority. Discarding commit.", + escaped(commit->rsa_identity)); + goto ignore; + } + /* Check if the authority that voted for <b>commit</b> has already posted * a commit before. */ saved_commit = sr_state_get_commit(commit->rsa_identity); @@ -1108,15 +1118,6 @@ sr_parse_commit(const smartlist_t *args) escaped(rsa_identity_fpr)); goto error; } - /* Let's make sure, for extra safety, that this fingerprint is known to - * us. Even though this comes from a vote, doesn't hurt to be - * extracareful. */ - if (trusteddirserver_get_by_v3_auth_digest(digest) == NULL) { - log_warn(LD_DIR, "SR: Fingerprint %s is not from a recognized " - "authority. Discarding commit.", - escaped(rsa_identity_fpr)); - goto error; - } /* Allocate commit since we have a valid identity now. */ commit = commit_new(digest); diff --git a/src/test/test_shared_random.c b/src/test/test_shared_random.c index 18d45b5eba..dcd71e01aa 100644 --- a/src/test/test_shared_random.c +++ b/src/test/test_shared_random.c @@ -277,9 +277,6 @@ test_sr_commit(void *arg) (void) arg; - MOCK(trusteddirserver_get_by_v3_auth_digest, - trusteddirserver_get_by_v3_auth_digest_m); - { /* Setup a minimal dirauth environment for this test */ or_options_t *options = get_options_mutable(); @@ -366,7 +363,6 @@ test_sr_commit(void *arg) done: smartlist_free(args); sr_commit_free(our_commit); - UNMOCK(trusteddirserver_get_by_v3_auth_digest); } /* Test the encoding and decoding function for commit and reveal values. */ @@ -1121,6 +1117,9 @@ test_keep_commit(void *arg) (void) arg; + MOCK(trusteddirserver_get_by_v3_auth_digest, + trusteddirserver_get_by_v3_auth_digest_m); + { /* Setup a minimal dirauth environment for this test */ crypto_pk_t *k = crypto_pk_new(); /* Have a key that is not the one from our commit. */ @@ -1199,6 +1198,7 @@ test_keep_commit(void *arg) done: sr_commit_free(commit); sr_commit_free(dup_commit); + UNMOCK(trusteddirserver_get_by_v3_auth_digest); } static void |