fix bug 880: find the end of an authority cert by looking for the first ----END SIGNATURE----- after the first dir-key-certification, not for the first ----END SIGNATURE. Harmless bug, but it made us non-spec-compliant.

svn:r17470

2 files changed, 9 insertions, 1 deletions

diff --git a/ChangeLog b/ChangeLog
index 0cc791cea5..b5438817b6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -31,6 +31,9 @@ Changes in version 0.2.1.8-alpha - 2008-??-??
       fds when our disk is full.  Fixes bug 861.
     - Stop erroneous use of O_APPEND in cases where we did not in fact
       want to re-seek to the end of a file before every last write().
+    - Correct handling of possible malformed authority signing key
+      certificates with internal signature types.  Fixes bug 880.
+      Bugfix on 0.2.0.3-alpha.
 
   o Minor features:
     - Report the case where all signatures in a detached set are rejected
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 5230d481e7..701012043d 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -1563,7 +1563,12 @@ authority_cert_parse_from_string(const char *s, const char **end_of_string)
   memarea_t *area = NULL;
 
   s = eat_whitespace(s);
-  eos = strstr(s, "\n-----END SIGNATURE-----\n");
+  eos = strstr(s, "\ndir-key-certification");
+  if (! eos) {
+    log_warn(LD_DIR, "No signature found on key certificate");
+    return NULL;
+  }
+  eos = strstr(eos, "\n-----END SIGNATURE-----\n");
   if (! eos) {
     log_warn(LD_DIR, "No end-of-signature found on key certificate");
     return NULL;