Fix undefined behavior in geoip_parse_entry().

Fixes bug 22490; bugfix on 6a241ff3ffe7dc1 in 0.2.4.6-alpha. Found by teor using clang-5.0's AddressSanitizer stack-use-after-scope.
author: Nick Mathewson <nickm@torproject.org> 2017-06-05 10:09:39 -0400
committer: Nick Mathewson <nickm@torproject.org> 2017-06-05 10:09:39 -0400
commit: e3ebae48040b9ed3946e65dbc6a24e8f5e48ff6b (patch)
tree: 6aba978b2fbe1916126a0ce780a4921820f2f04c
parent: 5207e41ffeb99089adbb56376c0759b97a556801 (diff)
download: tor-e3ebae48040b9ed3946e65dbc6a24e8f5e48ff6b.tar.gz
tor-e3ebae48040b9ed3946e65dbc6a24e8f5e48ff6b.zip
2 files changed, 4 insertions, 1 deletions
diff --git a/changes/bug22490 b/changes/bug22490
new file mode 100644
index 0000000000..244dd50b36
--- /dev/null
+++ b/changes/bug22490
@@ -0,0 +1,3 @@
+  o Minor bugfixes (correctness):
+    - Avoid undefined behavior when parsing IPv6 entries from the geoip6
+      file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
diff --git a/src/or/geoip.c b/src/or/geoip.c
index e2e98e8ec4..4abd5191f4 100644
--- a/src/or/geoip.c
+++ b/src/or/geoip.c
@@ -145,6 +145,7 @@ geoip_parse_entry(const char *line, sa_family_t family)
   if (*line == '#')
     return 0;
 
+  char buf[512];
   if (family == AF_INET) {
     unsigned int low, high;
     if (tor_sscanf(line,"%u,%u,%2s", &low, &high, c) == 3 ||
@@ -155,7 +156,6 @@ geoip_parse_entry(const char *line, sa_family_t family)
       goto fail;
     country = c;
   } else {                      /* AF_INET6 */
-    char buf[512];
     char *low_str, *high_str;
     struct in6_addr low, high;
     char *strtok_state;
author	Nick Mathewson <nickm@torproject.org>	2017-06-05 10:09:39 -0400
committer	Nick Mathewson <nickm@torproject.org>	2017-06-05 10:09:39 -0400
commit	e3ebae48040b9ed3946e65dbc6a24e8f5e48ff6b (patch)
tree	6aba978b2fbe1916126a0ce780a4921820f2f04c
parent	5207e41ffeb99089adbb56376c0759b97a556801 (diff)
download	tor-e3ebae48040b9ed3946e65dbc6a24e8f5e48ff6b.tar.gz tor-e3ebae48040b9ed3946e65dbc6a24e8f5e48ff6b.zip