Correctly reject packages lines with empty entries

src/or/dirserv.c

@@ -3300,22 +3300,38 @@ validate_recommended_package_line(const char *line)
   WORD(); /* Skip URL */
   ++cp;
 
-  /* Skip digestname=digestval + */
-  int foundeq = 0;
-  while (*cp) {
-    if (*cp == ' ') {
-      if (!foundeq)
-        return 0;
-      foundeq = 0;
-    } else if (*cp == '=') {
-      if (++foundeq > 1)
-        return 0;
-    }
-    ++cp;
+  /* Skip digesttype=digestval + */
+  int n_entries = 0;
+  while (1) {
+    const char *start_of_word = cp;
+    const char *end_of_word = strchr(cp, ' ');
+    if (! end_of_word)
+      end_of_word = cp + strlen(cp);
+
+    if (start_of_word == end_of_word)
+      return 0;
+
+    const char *eq = memchr(start_of_word, '=', end_of_word - start_of_word);
+
+    if (!eq)
+      return 0;
+    if (eq == start_of_word)
+      return 0;
+    if (eq == end_of_word - 1)
+      return 0;
+    if (memchr(eq+1, '=', end_of_word - (eq+1)))
+      return 0;
+
+    ++n_entries;
+    if (0 == *end_of_word)
+      break;
+
+    cp = end_of_word + 1;
   }
 
-  if (!foundeq)
+  if (n_entries == 0)
     return 0;
+
   return 1;
 }
 

src/test/test_dir.c

@@ -2961,6 +2961,13 @@ test_dir_packages(void *arg)
   BAD("tor ");
   BAD("tor");
   BAD("");
+  BAD("=foobar sha256="
+      "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7");
+  BAD("= = sha256="
+      "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7");
+
+  BAD("sha512= sha256="
+      "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7");
 
   votes = smartlist_new();
   smartlist_add(votes, tor_malloc_zero(sizeof(networkstatus_t)));