[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #32363 [Core Tor/Tor]: tor_inet_aton parsing of IPv4 literals is too lax

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #32363 [Core Tor/Tor]: tor_inet_aton parsing of IPv4 literals is too lax
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 05 Feb 2020 18:06:12 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 05 Feb 2020 13:06:23 -0500
In-reply-to: <047.f13150b4f1e67471b830e4ce507cf8f3@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.f13150b4f1e67471b830e4ce507cf8f3@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, blackhole@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#32363: tor_inet_aton parsing of IPv4 literals is too lax
----------------------------------------+----------------------------------
 Reporter:  liberat                     |          Owner:  neel
     Type:  enhancement                 |         Status:  needs_review
 Priority:  Medium                      |      Milestone:  Tor:
                                        |  0.4.4.x-final
Component:  Core Tor/Tor                |        Version:
 Severity:  Normal                      |     Resolution:
 Keywords:  BugSmashFund, extra-review  |  Actual Points:
Parent ID:                              |         Points:  0.2
 Reviewer:  nickm                       |        Sponsor:
----------------------------------------+----------------------------------

Comment (by nickm):

 > Now with the last changes, we do use the heap quite a bit with the
 smartlist_t so why would we prefer not using the heap in the first place?
 Does it still matter now?

 It doesn't matter except to the extent that it slows us down... we should
 keep an eye on profiles after we merge this.

 > Can we add a smartlist_core dependency to lib/net ?

 Yes: to see why, run `./scripts/maint/practracker/includes.py --toposort`
 for a topological sort of our current modules from lowest to highest
 level.  It appears that `net` is already much higher than smartlist_core.

 One thing I want to think about, though: do we care about the
 fingerprinting issue?  That is, this patch will create a class of
 addresses that some clients will parse and some clients will reject.  Is
 that a security issue to worry about, or are we cool here?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32363#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #32915 [Community/Relays]: Some Tor exit node servers are using Cloudflare DNS, result in "DNS resolution error"
Next by Author: [tor-bugs] #33154 [Community/Tor Support]: Edit incorrect Support documentation that incorrectly states there is currently no supported method for setting Tor Browser as your default browser. macOS users can set Tor Browser as the default browser.
Previous by thread: Re: [tor-bugs] #32363 [Core Tor/Tor]: tor_inet_aton parsing of IPv4 literals is too lax
Next by thread: Re: [tor-bugs] #32363 [Core Tor/Tor]: tor_inet_aton parsing of IPv4 literals is too lax
Index(es):
- Author
- Thread