From 8b405c609e82fbfb5470967fc4c45165c708e72b Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Thu, 15 Feb 2018 08:46:13 -0500
Subject: [PATCH] Forbid "-0" as a protocol version.

Fixes part of 24249; bugfix on 0.2.9.4-alpha.
---
 changes/bug25249         | 3 +++
 src/or/protover.c        | 9 +++++++++
 src/test/test_protover.c | 6 ++++--
 3 files changed, 16 insertions(+), 2 deletions(-)
 create mode 100644 changes/bug25249

diff --git a/changes/bug25249 b/changes/bug25249
new file mode 100644
index 0000000000..b4153eeaef
--- /dev/null
+++ b/changes/bug25249
@@ -0,0 +1,3 @@
+  o Minor bugfixes (spec conformance):
+    - Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
+      0.2.9.4-alpha.
diff --git a/src/or/protover.c b/src/or/protover.c
index e63036f784..f32316f8e7 100644
--- a/src/or/protover.c
+++ b/src/or/protover.c
@@ -123,6 +123,11 @@ parse_version_range(const char *s, const char *end_of_range,
   if (BUG(!end_of_range))
     end_of_range = s + strlen(s); // LCOV_EXCL_LINE
 
+  /* A range must start with a digit. */
+  if (!TOR_ISDIGIT(*s)) {
+    goto error;
+  }
+
   /* Note that this wouldn't be safe if we didn't know that eventually,
    * we'd hit a NUL */
   low = (uint32_t) tor_parse_ulong(s, 10, 0, UINT32_MAX, &ok, &next);
@@ -138,7 +143,11 @@ parse_version_range(const char *s, const char *end_of_range,
   if (*next != '-')
     goto error;
   s = next+1;
+
   /* ibid */
+  if (!TOR_ISDIGIT(*s)) {
+    goto error;
+  }
   high = (uint32_t) tor_parse_ulong(s, 10, 0, UINT32_MAX, &ok, &next);
   if (!ok)
     goto error;
diff --git a/src/test/test_protover.c b/src/test/test_protover.c
index 609003a838..4c41b6db6b 100644
--- a/src/test/test_protover.c
+++ b/src/test/test_protover.c
@@ -151,11 +151,11 @@ test_protover_vote(void *arg)
   tt_str_op(result, OP_EQ, "");
   tor_free(result);
 
-  /* This fails in Rust, but not in C */
+  /* This fails, since "-0" is not valid. */
   smartlist_clear(lst);
   smartlist_add(lst, (void*) "Faux=-0");
   result = protover_compute_vote(lst, 1);
-  tt_str_op(result, OP_EQ, "Faux=0");
+  tt_str_op(result, OP_EQ, "");
   tor_free(result);
 
   /* Vote large protover lists that are just below the threshold */
@@ -301,6 +301,8 @@ test_protover_vote_roundtrip(void *args)
     { "Link=1,fred", NULL },
     { "Link=1,fred,3", NULL },
     { "Link=1,9-8,3", NULL },
+    { "Faux=-0", NULL },
+    { "Faux=0--0", NULL },
     // "These fail at the splitting stage in Rust, but the number parsing
     // stage in C."
     { "Faux=-1", NULL },
-- 
2.11.4.GIT