[tor-bugs] #25055 [Core Tor/Tor]: string_is_valid_hostname() returns true for IPv4 addresses

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Mar 27 00:12:20 UTC 2018

#25055: string_is_valid_hostname() returns true for IPv4 addresses
 Reporter:  teor                                 |          Owner:  (none)
     Type:  defect                               |         Status:
                                                 |  merge_ready
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.3.x-final
Component:  Core Tor/Tor                         |        Version:  Tor:
 Severity:  Normal                               |     Resolution:
 Keywords:  IPv6, IPv4, tor-dns, 032-backport,   |  Actual Points:
  033-must, review-group-34,                     |
  033-triage-20180320, 033-included-20180320     |
Parent ID:  #25036                               |         Points:  1
 Reviewer:  mikeperry                            |        Sponsor:
Changes (by mikeperry):

 * status:  needs_review => merge_ready


 Hrmm. Downside of tons of reviewers: I have a weak preference that the
 hostname be treated strictly. I think that permitting more things on the
 socksport itself is fine, but that our function names should reflect
 current RFC notions, and not leave wiggle room for future potential
 changes, since in other cases uses of this function may end up causing
 bugs. This would mean that string_is_valid_hostname() would enforce full
 RFC hostname strictness, but then string_is_valid_dest() would or that
 together with string_is_valid_ipv4, string_is_valid_ipv6, and another

 But my preference is only a weak one. Everything else about this code
 looks good to me now. I'm going to mark this merge_ready. If someone else
 decides to agree with me, feel free to change to needs_revision.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25055#comment:29>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list