
[tor-bugs] #15497 [Torsocks]: torsock's getpeername() implementation is broken.



#15497: torsock's getpeername() implementation is broken.
----------------------+-------------------------
 Reporter:  yawning   |          Owner:  dgoulet
     Type:  defect    |         Status:  new
 Priority:  normal    |      Milestone:
Component:  Torsocks  |        Version:
 Keywords:            |  Actual Points:
Parent ID:            |         Points:
----------------------+-------------------------
 This is incredibly wrong and breaks well-written applications:
 {{{
       /*
        * Extra check for addrlen since we are about to copy the connection
        * content into the given address.
        */
       if (*addrlen > sizeof(struct sockaddr)) {
               /* Ref to the manpage for the returned value here. */
               errno = EINVAL;
               ret = -1;
               goto end;
       }
 }}}

 http://pubs.opengroup.org/onlinepubs/9699919799/functions/getpeername.html

 >The address_len argument points to a socklen_t object which on input
 specifies the length of the supplied sockaddr structure, and on output
 specifies the length of the stored address. If the actual length of the
 address is greater than the length of the supplied sockaddr structure, the
 stored address shall be truncated.

 This does not mean "reject `address_len` that's larger than `sizeof(struct
 sockaddr)`", and it is common to pass in a `sockaddr_in6` or
 `sockaddr_storage`, both of which are larger than `sockaddr`.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15497>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
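
The length handling the quoted POSIX text describes, as an added example that is not part of the ticket and not torsocks code: copy at most the caller's length, never reject a larger buffer, and report the actual address length on output. The names `copy_peer_addr`, `ticket_check_rejects` and `demo` are hypothetical, and the peer address is constructed.

```c
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Hypothetical helper (assumption, not torsocks code): copy a stored peer
 * address into the caller's buffer with POSIX getpeername() semantics. */
static int copy_peer_addr(const void *stored, socklen_t stored_len,
                          struct sockaddr *addr, socklen_t *addrlen)
{
    if (stored == NULL || addr == NULL || addrlen == NULL) {
        errno = EFAULT;
        return -1;
    }
    /* Never write past the caller's buffer, never read past our copy. */
    socklen_t n = (*addrlen < stored_len) ? *addrlen : stored_len;
    memcpy(addr, stored, n);
    /* Output is the actual address length, so truncation is detectable. */
    *addrlen = stored_len;
    return 0;
}

/* The condition quoted in the ticket, kept only for comparison. */
static int ticket_check_rejects(socklen_t len)
{
    return len > sizeof(struct sockaddr);
}

/* Calls copy_peer_addr() with a caller buffer of buflen bytes and a
 * constructed peer (192.0.2.1:443). Returns the reported length, or -1 if
 * the copied prefix is wrong or a byte past the copy was modified. */
static int demo(socklen_t buflen)
{
    struct sockaddr_in peer = { .sin_family = AF_INET, .sin_port = htons(443) };
    peer.sin_addr.s_addr = htonl(0xC0000201); /* 192.0.2.1 */
    struct sockaddr_storage out;
    memset(&out, 0xAA, sizeof(out));
    socklen_t len = buflen;
    if (copy_peer_addr(&peer, sizeof(peer), (struct sockaddr *)&out, &len) != 0)
        return -1;
    socklen_t n = buflen < sizeof(peer) ? buflen : (socklen_t)sizeof(peer);
    if (memcmp(&out, &peer, n) != 0 || ((unsigned char *)&out)[n] != 0xAA)
        return -1;
    return (int)len;
}

int main(void)
{
    return demo(sizeof(struct sockaddr_storage)) == (int)sizeof(struct sockaddr_in) ? 0 : 1;
}
```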