authorNick Mathewson <nickm@torproject.org>2012-08-27 16:07:04 -0400
committerNick Mathewson <nickm@torproject.org>2012-08-27 16:07:04 -0400
commit443e4ae1ee0520cead27dd3a21e9f79b1bed8f8b (patch)
tree2691747518152bed42ee228c07cabe3d1754e02f
parentce4add498f6af197a0e856d262825d547f898305 (diff)
parent1c30e6abc93fa086a14d01d838066581a3657285 (diff)
downloadtor-443e4ae1ee0520cead27dd3a21e9f79b1bed8f8b.tar.gz
tor-443e4ae1ee0520cead27dd3a21e9f79b1bed8f8b.zip
Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3
Conflicts: src/or/policies.c
-rw-r--r--changes/bug66907
-rw-r--r--src/or/policies.c6
2 files changed, 12 insertions, 1 deletions
diff --git a/changes/bug6690 b/changes/bug6690
new file mode 100644
index 0000000000..99d42976ed
--- /dev/null
+++ b/changes/bug6690
@@ -0,0 +1,7 @@
+ o Major bugfixes (security):
+ - Do not crash when comparing an address with port value 0 to an
+ address policy. This bug could have been used to cause a remote
+ assertion failure by or against directory authorities, or to
+ allow some applications to crash clients. Fixes bug 6690; bugfix
+ on 0.2.1.10-alpha.
+
diff --git a/src/or/policies.c b/src/or/policies.c
index 3018803bc4..6e984211ba 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -712,7 +712,11 @@ compare_tor_addr_to_addr_policy(const tor_addr_t *addr, uint16_t port,
/* no policy? accept all. */
return ADDR_POLICY_ACCEPTED;
} else if (addr == NULL || tor_addr_is_null(addr)) {
- tor_assert(port != 0);
+ if (port == 0) {
+ log_info(LD_BUG, "Rejecting null address with 0 port (family %d)",
+ addr ? tor_addr_family(addr) : -1);
+ return ADDR_POLICY_REJECTED;
+ }
return compare_unknown_tor_addr_to_addr_policy(port, policy);
} else if (port == 0) {
return compare_known_tor_addr_to_addr_policy_noport(addr, policy);
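Review bot: The new `port == 0` branch under `addr == NULL || tor_addr_is_null(addr)` has no comment saying why it rejects instead of asserting; since the changes/bug6690 entry says this state can be caused remotely, I would add `/* Reachable from remote input (bug 6690): reject, never assert. */` above `if (port == 0) {`. The message is logged under `LD_BUG` at info level, which keeps a remotely reachable condition out of default logs; if the severity is ever raised, it would need rate limiting. The function's header comment is outside the hunk, so I cannot tell whether it documents that a null address with port 0 now yields `ADDR_POLICY_REJECTED`; it should state that. The body of compare_tor_addr_to_addr_policy starts and ends outside the hunk.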