Missing sanity checks for cbtnummodes consensus parameter
[] wtf. devs inserted trapdoors!? "tor_malloc_zero(num_modes*sizeof(build_time_t))" how much? anything else?
I think what doors was referring to is that we don't do any sanity checks on the value of the consensus parameter, so we can either request ridiculous amounts of memory or worse request 0 modes. Since doors immediately left irc I had no time to confirm if there was more.