[tor-bugs] #23082 [Core Tor/Tor]: tor_addr_parse is overly permissive
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Aug 2 16:50:47 UTC 2017
#23082: tor_addr_parse is overly permissive
--------------------------+------------------------------------
Reporter: dcf | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.3.2.x-final
Component: Core Tor/Tor | Version: Tor: 0.3.1.5-alpha
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+------------------------------------
Comment (by dcf):
Here is a fuzzer for tor_addr_parse: attachment:fuzz_addr.c.
I ran it and didn't find any other unexpected inputs accepted by
tor_addr_parse: attachment:fuzz_addr_findings.tar.gz
{{{
$ for a in fuzz_addr_findings/queue/*; do ./fuzz-addr --info < $a; done |
grep -v error
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23082#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list