[tor-bugs] #23082 [Core Tor/Tor]: tor_addr_parse is overly permissive

[Tor Bug Tracker & Wiki]

#23082: tor_addr_parse is overly permissive
--------------------------+------------------------------------
 Reporter:  dcf           |          Owner:
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: 0.3.2.x-final
Component:  Core Tor/Tor  |        Version:  Tor: 0.3.1.5-alpha
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by dcf):

 Here is a fuzzer for tor_addr_parse: attachment:fuzz_addr.c.

 I ran it and didn't find any other unexpected inputs accepted by
 tor_addr_parse: attachment:fuzz_addr_findings.tar.gz
 {{{
 $ for a in fuzz_addr_findings/queue/*; do ./fuzz-addr --info < $a; done |
 grep -v error
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23082#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online