[tor-commits] [tor/master] Minor tor_inet_pton bug fixes

nickm at torproject.org nickm at torproject.org
Sat Nov 19 23:43:40 UTC 2011


commit edc561432a10ad053ea0b40db44dfc904b71f79f
Author: Anders Sundman <anders at 4zm.org>
Date:   Fri Nov 18 23:37:54 2011 +0100

    Minor tor_inet_pton bug fixes
    
    In particular:
    * Disallow "0x10::"
    * Don't blow up on ":"
    * Disallow "::10000"
---
 src/common/compat.c |   20 +++++++++++++-------
 1 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/src/common/compat.c b/src/common/compat.c
index ba49af7..20c45af 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -1733,24 +1733,30 @@ tor_inet_pton(int af, const char *src, void *dst)
         return 0;
       if (TOR_ISXDIGIT(*src)) {
         char *next;
+        int len;
         long r = strtol(src, &next, 16);
-        if (next > 4+src)
-          return 0;
-        if (next == src)
-          return 0;
-        if (r<0 || r>65536)
+        tor_assert(next != NULL);
+        tor_assert(next != src);
+
+        len = *next == '\0' ? eow - src : next - src;
+        if (len > 4)
           return 0;
+        if (len > 1 && !TOR_ISXDIGIT(src[1]))
+          return 0; /* 0x is not valid */
 
+        tor_assert(r >= 0);
+        tor_assert(r < 65536);
         words[i++] = (uint16_t)r;
         setWords++;
         src = next;
         if (*src != ':' && src != eow)
           return 0;
         ++src;
-      } else if (*src == ':' && i > 0 && gapPos==-1) {
+      } else if (*src == ':' && i > 0 && gapPos == -1) {
         gapPos = i;
         ++src;
-      } else if (*src == ':' && i == 0 && src[1] == ':' && gapPos==-1) {
+      } else if (*src == ':' && i == 0 && src+1 < eow && src[1] == ':' &&
+                 gapPos == -1) {
         gapPos = i;
         src += 2;
       } else {
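Review bot: The `tor_assert` calls on `next` and `r` replace checks that used to `return 0`, so in this parser of externally supplied address text any input that breaks the reasoning behind them now aborts the process instead of being rejected. `tor_assert(next != src)` relies on the platform's `strtol` consuming the leading `0` of an input such as `0x:`, and `tor_assert(r < 65536)` relies on the `len > 4` and `src[1]` checks above it having excluded every longer or prefixed form. Keeping the rejections is cheap and depends on neither assumption: `if (next == src) return 0;` and `if (r < 0 || r > 65535) return 0;`. `len` is an `int` that receives a pointer difference, so declaring it `ptrdiff_t` would avoid the implicit narrowing. The body of `tor_inet_pton` and the definition of `eow` lie outside the hunk, so the `eow - src` branch could not be checked here.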




