Instead, define a maximum size, and enforce it with an assertion.

(When a variable isn't going to be declared extern in the header, we
require that it be static.)

 * FIXES #25271: https://bugs.torproject.org/25271

Add an autoconf test to make sure we won't regret it.

Closes ticket 24484.

Empty versions lists are permitted; empty keywords are not.

Part of the 25249 fix to make rust match the C.

Also correct MAX_VERSIONS_TO_EXPAND to match the C.

NOTE that this patch leads to incorrect behavior: the C code allows
huge ranges; it just doesn't allow votes on them (currently).  For
full compatibility, we'll need to make the rust code store ranges as
ranges natively, possibly using something like the range_map crate.

Still, this patch is smaller than a "proper" fix.

Fixes TROVE-2018-003.

Signed-off-by: David Goulet <dgoulet@torproject.org>

Fixes #25236

Signed-off-by: David Goulet <dgoulet@torproject.org>

Never allow the function to set a bucket value above the allowed circuit
burst.

Closes #25202

Signed-off-by: David Goulet <dgoulet@torproject.org>

We had this safeguard around dos_init() but not when the consensus changes
which can modify consensus parameters and possibly enable the DoS mitigation
even if tor wasn't a public relay.

Fixes #25223

Signed-off-by: David Goulet <dgoulet@torproject.org>

David Goulet authored Feb 08, 2018 and Nick Mathewson committed Feb 13, 2018

Explicitly inform the operator of the rejected relay to set a valid email
address in the ContactInfo field and contact bad-relays@ mailing list.

Fixes #25170

Signed-off-by: David Goulet <dgoulet@torproject.org>

Nick Mathewson authored Feb 12, 2018 and David Goulet committed Feb 12, 2018

We don't expect this to come up very much, but we may as well make
sure that the value isn't predictable (as we do for the other
addresses) in case the issue ever comes up.

Spotted by teor.