From 15cd79f83232d8be84992f809cd1951939d1d5ee Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 3 Jul 2013 12:01:37 -0400 Subject: FIx undefined behavior in dirvote.c Fix a bug in the voting algorithm that could yield incorrect results when a non-naming authority declared too many flags. Fixes bug 9200; bugfix on 0.2.0.3-alpha. Found by coverity scan. --- changes/bug9200 | 5 +++++ src/or/dirvote.c | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 changes/bug9200 diff --git a/changes/bug9200 b/changes/bug9200 new file mode 100644 index 0000000000..7b64dd1744 --- /dev/null +++ b/changes/bug9200 @@ -0,0 +1,5 @@ + o Major bugfixes: + - Fix a bug in the voting algorithm that could yield incorrect results + when a non-naming authority declared too many flags. Fixes bug 9200; + bugfix on 0.2.0.3-alpha. + diff --git a/src/or/dirvote.c b/src/or/dirvote.c index 0c386e604e..7537fb8b2e 100644 --- a/src/or/dirvote.c +++ b/src/or/dirvote.c @@ -1727,7 +1727,8 @@ networkstatus_compute_consensus(smartlist_t *votes, if (rs->flags & (U64_LITERAL(1) << i)) ++flag_counts[flag_map[v_sl_idx][i]]; } - if (rs->flags & (U64_LITERAL(1) << named_flag[v_sl_idx])) { + if (named_flag[v_sl_idx] >= 0 && + (rs->flags & (U64_LITERAL(1) << named_flag[v_sl_idx]))) { if (chosen_name && strcmp(chosen_name, rs->status.nickname)) { log_notice(LD_DIR, "Conflict on naming for router: %s vs %s", chosen_name, rs->status.nickname); -- cgit v1.2.3-54-g00ecf From b34279d3ab2bae2a1393427e0866da018cf8b678 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 8 Jul 2013 11:35:06 -0400 Subject: Add a comment and a check for why flag indices will be <= 63 --- src/or/dirvote.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/or/dirvote.c b/src/or/dirvote.c index 7537fb8b2e..e0af66e22d 100644 --- a/src/or/dirvote.c +++ b/src/or/dirvote.c 
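Review bot: The `@@ -1727` hunk in src/or/dirvote.c guards only the `named_flag` shift, but the later hunk on this page shows `unnamed_flag[i] = named_flag[i] = -1;`, so `unnamed_flag[v_sl_idx]` carries the same -1 sentinel. Any `U64_LITERAL(1) << unnamed_flag[v_sl_idx]` in this loop needs the identical `>= 0` test; that use cannot be confirmed from here because the loop body runs past the end of the hunk. The new condition also deserves a one-line reason at the point of use, for example `/* named_flag is -1 when unset; shifting by a negative count is undefined */`, so that a later cleanup does not take the comparison for dead code. A unit test that runs the consensus computation over a vote whose known_flags lacks "Named" would pin the fix, which so far rests on a static-analysis report.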
@@ -1590,10 +1590,19 @@ networkstatus_compute_consensus(smartlist_t *votes, unnamed_flag[i] = named_flag[i] = -1; chosen_named_idx = smartlist_string_pos(flags, "Named"); - /* Build the flag index. */ + /* Build the flag indexes. Note that no vote can have more than 64 members + * for known_flags, so no value will be greater than 63, so it's safe to + * do U64_LITERAL(1) << index on these values. But note also that + * named_flag and unnamed_flag are initialized to -1, so we need to check + * that they're actually set before doing U64_LITERAL(1) << index with + * them.*/ SMARTLIST_FOREACH_BEGIN(votes, networkstatus_t *, v) { flag_map[v_sl_idx] = tor_malloc_zero( sizeof(int)*smartlist_len(v->known_flags)); + if (smartlist_len(v->known_flags) > MAX_KNOWN_FLAGS_IN_VOTE) { + log_warn(LD_BUG, "Somehow, a vote has %d entries in known_flags", + smartlist_len(v->known_flags)); + } SMARTLIST_FOREACH_BEGIN(v->known_flags, const char *, fl) { int p = smartlist_string_pos(flags, fl); tor_assert(p >= 0); -- cgit v1.2.3-54-g00ecf
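Review bot: The added `smartlist_len(v->known_flags) > MAX_KNOWN_FLAGS_IN_VOTE` check only calls `log_warn(LD_BUG, ...)` and then falls through into the inner `SMARTLIST_FOREACH_BEGIN(v->known_flags, ...)` loop, so if the invariant in the new comment were ever broken, indices from that vote would still reach the `U64_LITERAL(1) << index` shifts. Votes come from other authorities, so the comment should say where the limit is enforced (presumably when the vote is parsed, which is not visible here). If that enforcement exists, `tor_assert(smartlist_len(v->known_flags) <= MAX_KNOWN_FLAGS_IN_VOTE);` states the invariant more honestly than a warning; if it does not, the vote has to be rejected before it gets to this function. The comment also hard-codes 64 and 63 while the check uses `MAX_KNOWN_FLAGS_IN_VOTE`, whose value is not shown in this hunk; a compile-time check that the constant is at most 64 would keep the two from drifting apart. The enclosing function starts and ends outside the hunk.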