pf: when extracting an IPv6 address, make sure we got an IPv6 address

Our code assumes that when we're configured to get IPv6 addresses
out of a TRANS_PF transparent proxy connection, we actually will.
But we didn't check that, and so FreeBSD started warning us about a
potential NULL pointer dereference.

Fixes part of bug 31687; bugfix on 0.2.3.4-alpha when this code was
added.

1 files changed, 5 insertions, 2 deletions

diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index e4b3455d13..7cc67d7f5e 100644
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -2547,8 +2547,11 @@ destination_from_pf(entry_connection_t *conn, socks_request_t *req)
   } else if (proxy_sa->sa_family == AF_INET6) {
     struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)proxy_sa;
     pnl.af = AF_INET6;
-    memcpy(&pnl.saddr.v6, tor_addr_to_in6(&ENTRY_TO_CONN(conn)->addr),
-           sizeof(struct in6_addr));
+    const struct in6_addr *dest_in6 =
+      tor_addr_to_in6(&ENTRY_TO_CONN(conn)->addr);
+    if (BUG(!dest_in6))
+      return -1;
+    memcpy(&pnl.saddr.v6, dest_in6, sizeof(struct in6_addr));
     pnl.sport = htons(ENTRY_TO_CONN(conn)->port);
     memcpy(&pnl.daddr.v6, &sin6->sin6_addr, sizeof(struct in6_addr));
     pnl.dport = sin6->sin6_port;