[tor-bugs] #23082 [Core Tor/Tor]: tor_addr_parse is overly permissive

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Nov 23 02:59:54 UTC 2017


#23082: tor_addr_parse is overly permissive
---------------------------+------------------------------------
 Reporter:  dcf            |          Owner:  (none)
     Type:  defect         |         Status:  new
 Priority:  Medium         |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor   |        Version:  Tor: 0.3.1.5-alpha
 Severity:  Normal         |     Resolution:
 Keywords:  032-unreached  |  Actual Points:
Parent ID:                 |         Points:
 Reviewer:                 |        Sponsor:
---------------------------+------------------------------------

Comment (by dcf):

 You can surface this bug from the command line:
 {{{
 $ tor-resolve -x '[138.201.14.1979'
 saxatile.torproject.org
 }}}
 This command should result in an error, but doesn't. Notice there are four
 digits in the last octet of the bogus address `[138.201.14.1979`.
 saxatile's IP address is 138.201.14.197. `tor_addr_parse` is throwing away
 the final character, and therefore failing to notice that the address is
 bad, because the string starts with `[`.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23082#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list