diff options
| -rw-r--r-- | ChangeLog | 3 | ||||
| -rw-r--r-- | src/or/routerparse.c | 8 |
2 files changed, 11 insertions, 0 deletions
@@ -6,6 +6,9 @@ Changes in version 0.2.1.20 - 2009-??-?? patch. Bugfix on the 54th commit on Tor -- from July 2002, before the release of Tor 0.0.0. This is the new winner of the oldest-bug prize. + - Fix a remotely triggerable memory leak when a consensus document + contains more than one signature from the same voter. Bugfix on + 0.2.0.3-alpha. o New directory authorities: - Set up urras (run by Jacob Appelbaum) as the seventh v3 directory diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 97dd20f4e3..189458ee1e 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -2509,6 +2509,14 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out, } else { if (tok->object_size >= INT_MAX) goto err; + /* We already parsed a vote from this voter. Use the first one. */ + if (v->signature) { + log_fn(LOG_PROTOCOL_WARN, LD_DIR, "We received a networkstatus " + "that contains two votes from the same voter. Ignoring " + "the second vote."); + continue; + } + v->signature = tor_memdup(tok->object_body, tok->object_size); v->signature_len = (int) tok->object_size; } |