[tor-bugs] #30721 [Core Tor/Tor]: tor_addr_port_lookup() is overly permissive
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jun 5 21:36:46 UTC 2019
#30721: tor_addr_port_lookup() is overly permissive
-------------------------------------------------+-------------------------
Reporter: teor | Owner: teor
Type: defect | Status:
| needs_revision
Priority: Medium | Milestone: Tor:
| 0.4.2.x-final
Component: Core Tor/Tor | Version: Tor:
| unspecified
Severity: Normal | Resolution:
Keywords: technical-debt, tor-addr, refactor, | Actual Points: 0.5
practracker-improvement |
Parent ID: | Points: 0.5
Reviewer: catalyst | Sponsor:
| Sponsor31-can
-------------------------------------------------+-------------------------
Changes (by catalyst):
* status: needs_review => needs_revision
Comment:
Replying to [comment:1 teor]:
> This bug was introduced in in 0.2.1.5-alpha, when tor_addr_lookup() was
called tor_addr_port_parse().
>
> The first commit fixes the bug, the next two commits refactor the code
so the logic is clearer. I split tor_addr_lookup() into 3 separate
functions as part of the refactor, the split gets rid of a practracker
exception.
>
> See my pull request https://github.com/torproject/tor/pull/1068
>
> This change will break some rare, invalid tor configs, so we can't
backport it.
Thanks! This looks good by visual inspection. The commit structure is
helpful. The first commit could use a few minor changes:
* Add a changes file
* Maybe add unit tests to ensure that IPv4 addresses with square brackets
get rejected?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30721#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list