[tor-bugs] #30721 [Core Tor/Tor]: tor_addr_port_lookup() is overly permissive

Sun Jun 2 06:48:13 UTC 2019

#30721: tor_addr_port_lookup() is overly permissive
-------------------------+-------------------------------------------------
     Reporter:  teor     |      Owner:  teor
         Type:  defect   |     Status:  assigned
     Priority:  Medium   |  Milestone:  Tor: 0.4.2.x-final
    Component:  Core     |    Version:
  Tor/Tor                |   Keywords:  technical-debt, operator-visible-
     Severity:  Normal   |  change
Actual Points:  0.2      |  Parent ID:
       Points:  0.2      |   Reviewer:
      Sponsor:           |
  Sponsor31-can          |
-------------------------+-------------------------------------------------
 Like tor_addr_parse() in #23082, tor_addr_port_lookup() also allows square
 brackets around IPv4 addresses.

 But it's slightly less permissive: it requires a terminating `]`.

 For example, this command line should be rejected, but it is not:
 {{{
 tor ORPort [127.0.0.1]:9001
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30721>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online