[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #23082 [Core Tor/Tor]: tor_addr_parse is overly permissive
#23082: tor_addr_parse is overly permissive
---------------------------+------------------------------------
Reporter: dcf | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor: unspecified
Component: Core Tor/Tor | Version: Tor: 0.3.1.5-alpha
Severity: Normal | Resolution:
Keywords: 032-unreached | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
---------------------------+------------------------------------
Comment (by dcf):
You can surface this bug from the command line:
{{{
$ tor-resolve -x '[138.201.14.1979'
saxatile.torproject.org
}}}
This command should result in an error, but doesn't. Notice there are four
digits in the last octet of the bogus address `[138.201.14.1979`.
saxatile's IP address is 138.201.14.197. `tor_addr_parse` is throwing away
the final character, and therefore failing to notice that the address is
bad, because the string starts with `[`.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23082#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs