[tor-bugs] #33788 [Core Tor/Tor]: Check the return value of tor_inet_ntop()
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Apr 1 23:38:28 UTC 2020
#33788: Check the return value of tor_inet_ntop()
-------------------------+-------------------------------------------------
Reporter: teor | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.4.4.x-final
Component: Core | Version:
Tor/Tor | Keywords: 044-should, security-low,
Severity: Normal | 035-backport, 041-backport, 042-backport,
| 043-backport, outreachy-ipv6, ipv6
Actual Points: | Parent ID: #33768
Points: 1 | Reviewer:
Sponsor: |
Sponsor55-must |
-------------------------+-------------------------------------------------
The following functions don't check the return value of tor_inet_ntop():
* tor_dup_ip(), IPv4 only, unlikely to be a serious bug
* evdns_callback(), multiple times, IPv6, could be serious
These functions should log a bug log using BUG(), and return an error.
We will also need to make their callers check for the error.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33788>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list