[tor-bugs] #18454 [Tor]: tor_addr_is_internal_(): Bug: tor_addr_is_internal() called from src/common/address.c:1668 with a non-IP address of type 11829

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Mar 1 18:42:06 UTC 2016


#18454: tor_addr_is_internal_(): Bug: tor_addr_is_internal() called from
src/common/address.c:1668 with a non-IP address of type 11829
-------------------------------+------------------------------------
 Reporter:  toralf             |          Owner:
     Type:  defect             |         Status:  new
 Priority:  Very High          |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor                |        Version:  Tor: 0.2.8.1-alpha
 Severity:  Normal             |     Resolution:
 Keywords:  memory-corruption  |  Actual Points:
Parent ID:                     |         Points:
  Sponsor:                     |
-------------------------------+------------------------------------
Changes (by teor):

 * priority:  Medium => Very High
 * keywords:   => memory-corruption
 * milestone:   => Tor: 0.2.8.x-final


Comment:

 This is the tor_addr_is_internal() call in get_interface_address6()
 complaining that a->family is invalid.

 But each of the functions called by get_interface_address6_list() checks
 that the family is AF_INET or AF_INET6. So it looks like memory is getting
 corrupted somewhere between these addresses being checked for validity in
 get_interface_addresses_raw() /
 get_interface_address6_via_udp_socket_hack(), and them being used in
 get_interface_address6().

 It would help to know which codepath was providing these corrupt
 addresses. Can you provide any other log messages?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18454#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list