[tor-bugs] #30721 [Core Tor/Tor]: tor_addr_port_lookup() is overly permissive

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jun 14 01:20:13 UTC 2019


#30721: tor_addr_port_lookup() is overly permissive
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:  teor
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.4.2.x-final
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  unspecified
 Severity:  Normal                               |     Resolution:
 Keywords:  technical-debt, tor-addr, refactor,  |  Actual Points:  1.5
  practracker-improvement                        |
Parent ID:                                       |         Points:  0.5
 Reviewer:  catalyst                             |        Sponsor:
                                                 |  Sponsor31-can
-------------------------------------------------+-------------------------
Changes (by teor):

 * status:  needs_revision => needs_review
 * actualpoints:  1.0 => 1.5


Comment:

 Replying to [comment:5 teor]:
 > Replying to [comment:4 catalyst]:
 > > * Maybe add unit tests to ensure that IPv4 addresses with square
 brackets get rejected?
 >
 > Hmm yeah the unit tests are not in a great state. I'm working on them.

 So I found two bugs while improving the unit tests:
 * ambiguous IPv6:port without brackets were allowed, now they are banned
 in the address-port parsing functions only (1b39bde)
 * sometimes the port was set on failure, now it is always zero (679cce7)

 I rewrote the tests and added a lot of tests cases, to make sure we
 covered all these changes.

 Some of the ambiguous test cases may fail on Linux or Windows (I only
 tested on macOS), so I'll check CI in an hour or so to make sure.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30721#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list