then find_start_of_next_routerstatus() should not increment pointer to len of "directory-footer", and that token need to be find_by_keyword()
and mainly need to choice one of: or networkstatus_parse_vote_from_string() should checks for K_CONSENSUS_METHOD and presense of K_DIRECTORY_FOOTER, or find_start_of_next_routerstatus() must returns min(pointer_to_r, pointer_to_footer, pointer_to_signature)
right now find_start_of_next_routerstatus() is timebomb, fortunatly time works for us.
or not for us, huh eos2 += strlen("\ndirectory-footer"); where last '\n'? I can append any number or statuses to #8 method consensus.
ah no. thats right. but appends of bw numbers can happens.
Here my exploit, takes one #8 consensus append directory-footer, bandwidth-weights with those bunches of bw#$@ eq 0, all signatures. send it to client, it crashes. if all auths upgrades, then client with such code still affected without non modified current_consensus.
if attacker a little smarter than number can be precomputed, the same whay as all statuses sorted and determinated in memory.
houston ping ping, my fuel is out.