[tor-bugs] #32363 [Core Tor/Tor]: tor_inet_aton parsing of IPv4 literals is too lax

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Nov 2 17:18:47 UTC 2019


#32363: tor_inet_aton parsing of IPv4 literals is too lax
--------------------------+------------------------------
 Reporter:  liberat       |          Owner:  (none)
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Component:  Core Tor/Tor
  Version:  Tor: 0.4.1.6  |       Severity:  Normal
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------
 The function tor_inet_aton accepts strings that include leading zeroes.

 For example, "010.010.010.010" is parsed as "10.10.10.10".

 This could potentially be a problem because "010.010.010.010" is obsolete
 notation for an ''octal'' IP address.

 At least in glibc, inet_aton or getaddrinfo treats "010.010.010.010" as
 "8.8.8.8", whereas inet_ntop rejects it as invalid.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32363>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
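
The parser disagreement the ticket describes, as an added example (not Tor's code and not part of the ticket). `parse_ipv4` is a hypothetical helper: its lax mode models the reported decimal reading of leading-zero octets, its strict mode rejects them, and `libc_aton` wraps the platform `inet_aton` for comparison. The sample strings are constructed.

```c
#define _DEFAULT_SOURCE            /* exposes inet_aton() on glibc */
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* Parse exactly four decimal octets into host byte order; 1 on success.
 * strict == 0 models the reported behaviour: "010" is read as decimal 10.
 * strict != 0 rejects any octet with a leading zero ("010", "00"). */
static int parse_ipv4(const char *s, int strict, uint32_t *out)
{
    uint32_t addr = 0;
    for (int i = 0; i < 4; i++) {
        unsigned val = 0, digits = 0;
        while (*s >= '0' && *s <= '9') {
            if (strict && digits == 1 && val == 0)
                return 0;               /* leading zero: could mean octal */
            val = val * 10 + (unsigned)(*s - '0');
            if (++digits > 3 || val > 255)
                return 0;
            s++;
        }
        if (digits == 0 || *s != (i < 3 ? '.' : '\0'))
            return 0;
        if (i < 3) s++;
        addr = (addr << 8) | val;
    }
    *out = addr;
    return 1;
}

/* The platform inet_aton() result for the same string, host byte order. */
static int libc_aton(const char *s, uint32_t *out)
{
    struct in_addr a;
    if (!inet_aton(s, &a)) return 0;
    *out = ntohl(a.s_addr);
    return 1;
}

int main(void)
{
    const char *samples[] = { "10.10.10.10", "010.010.010.010" }; /* constructed */
    for (int i = 0; i < 2; i++) {
        uint32_t lax = 0, libc = 0, st = 0;
        int l = parse_ipv4(samples[i], 0, &lax), c = libc_aton(samples[i], &libc);
        printf("%-16s lax=%08x libc=%08x strict=%s%s\n", samples[i],
               (unsigned)lax, (unsigned)libc,
               parse_ipv4(samples[i], 1, &st) ? "accept" : "reject",
               (l && c && lax != libc) ? "  <-- parsers disagree" : "");
    }
}
```

Any string for which the lax result and the libc result differ is one that two components of the same system could resolve to different hosts; the strict mode avoids that by refusing the input outright.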

