Forbid "-0" as a protocol version.

Fixes part of 24249; bugfix on 0.2.9.4-alpha.

changes/bug25249

@@ -0,0 +1,3 @@
+  o Minor bugfixes (spec conformance):
+    - Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
+      0.2.9.4-alpha.

src/or/protover.c

@@ -123,6 +123,11 @@ parse_version_range(const char *s, const char *end_of_range,
   if (BUG(!end_of_range))
     end_of_range = s + strlen(s); // LCOV_EXCL_LINE
 
+  /* A range must start with a digit. */
+  if (!TOR_ISDIGIT(*s)) {
+    goto error;
+  }
+
   /* Note that this wouldn't be safe if we didn't know that eventually,
    * we'd hit a NUL */
   low = (uint32_t) tor_parse_ulong(s, 10, 0, UINT32_MAX, &ok, &next);
@@ -138,7 +143,11 @@ parse_version_range(const char *s, const char *end_of_range,
   if (*next != '-')
     goto error;
   s = next+1;
+
   /* ibid */
+  if (!TOR_ISDIGIT(*s)) {
+    goto error;
+  }
   high = (uint32_t) tor_parse_ulong(s, 10, 0, UINT32_MAX, &ok, &next);
   if (!ok)
     goto error;

src/test/test_protover.c

@@ -151,11 +151,11 @@ test_protover_vote(void *arg)
   tt_str_op(result, OP_EQ, "");
   tor_free(result);
 
-  /* This fails in Rust, but not in C */
+  /* This fails, since "-0" is not valid. */
   smartlist_clear(lst);
   smartlist_add(lst, (void*) "Faux=-0");
   result = protover_compute_vote(lst, 1);
-  tt_str_op(result, OP_EQ, "Faux=0");
+  tt_str_op(result, OP_EQ, "");
   tor_free(result);
 
   /* Vote large protover lists that are just below the threshold */
@@ -301,6 +301,8 @@ test_protover_vote_roundtrip(void *args)
     { "Link=1,fred", NULL },
     { "Link=1,fred,3", NULL },
     { "Link=1,9-8,3", NULL },
+    { "Faux=-0", NULL },
+    { "Faux=0--0", NULL },
     // "These fail at the splitting stage in Rust, but the number parsing
     // stage in C."
     { "Faux=-1", NULL },