[tor-bugs] #30721 [Core Tor/Tor]: tor_addr_port_lookup() is overly permissive
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Jun 14 01:20:13 UTC 2019
#30721: tor_addr_port_lookup() is overly permissive
-------------------------------------------------+-------------------------
Reporter: teor | Owner: teor
Type: defect | Status:
| needs_review
Priority: Medium | Milestone: Tor:
| 0.4.2.x-final
Component: Core Tor/Tor | Version: Tor:
| unspecified
Severity: Normal | Resolution:
Keywords: technical-debt, tor-addr, refactor, | Actual Points: 1.5
practracker-improvement |
Parent ID: | Points: 0.5
Reviewer: catalyst | Sponsor:
| Sponsor31-can
-------------------------------------------------+-------------------------
Changes (by teor):
* status: needs_revision => needs_review
* actualpoints: 1.0 => 1.5
Comment:
Replying to [comment:5 teor]:
> Replying to [comment:4 catalyst]:
> > * Maybe add unit tests to ensure that IPv4 addresses with square
brackets get rejected?
>
> Hmm yeah the unit tests are not in a great state. I'm working on them.
So I found two bugs while improving the unit tests:
* ambiguous IPv6:port without brackets were allowed, now they are banned
in the address-port parsing functions only (1b39bde)
* sometimes the port was set on failure, now it is always zero (679cce7)
I rewrote the tests and added a lot of tests cases, to make sure we
covered all these changes.
Some of the ambiguous test cases may fail on Linux or Windows (I only
tested on macOS), so I'll check CI in an hour or so to make sure.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30721#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list