Undefined behavior in rend_parse_service_authorization()

  char descriptor_cookie_tmp[REND_DESC_COOKIE_LEN+2];
...
    if (base64_decode(descriptor_cookie_tmp, sizeof(descriptor_cookie_tmp),
                      descriptor_cookie_base64ext,
                      strlen(descriptor_cookie_base64ext)) < 0) {
      log_warn(LD_CONFIG, "Decoding authorization cookie failed: '%s'",
               descriptor_cookie);
      goto err;
    }
    auth_type_val = (descriptor_cookie_tmp[16] >> 4) + 1;

descriptor_cookie_tmp is a char array and chars are signed. The right shift there can cause undefined behavior if descriptor_cookie_tmp[16] is a negative value.

Reported on IRC.