[tor-bugs] #22469 [Core Tor/Tor]: tor should probably reject "0x00" in port range specifications (was: tor should better validate invalid ipv6 address:port definitions)

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Aug 9 19:07:59 UTC 2017


#22469: tor should probably reject "0x00" in port range specifications
-------------------------------------------------+-------------------------
 Reporter:  toralf                               |          Owner:
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  unspecified
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.3.1.2-alpha
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-relay torrc configuration intro  |  Actual Points:
  ipv6                                           |
Parent ID:  #22802                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by catalyst):

 * cc: catalyst (added)


Comment:

 By code inspection it looks like `0x00` as the port might get accepted by
 `parse_port_range()` because `tor_parse_long()` gets called with a non-
 null `next` to detect a hyphen delimiting the maximum of a port range, but
 nothing seems to produce an error if some different character follows the
 first port number of the "range".  i.e., `0x00` gets parsed as `0`
 followed by `x00` as trailing garbage that gets ignored rather than
 producing an error.  I haven't come up with a test for this yet.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22469#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list