2 files changed, 10 insertions, 2 deletions

diff --git a/changes/ticket31687_2 b/changes/ticket31687_2
new file mode 100644
index 0000000000..eadc698275
--- /dev/null
+++ b/changes/ticket31687_2
@@ -0,0 +1,5 @@
+  o Minor bugfixes (FreeBSD, PF-based proxy, IPv6):
+    - When extracting an IPv6 address from a PF-based proxy, verify
+      that we are actually configured to receive an IPv6 address,
+      and log an internal error if not. Fixes part of bug 31687;
+      bugfix on 0.2.3.4-alpha.
diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index e4b3455d13..7cc67d7f5e 100644
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -2547,8 +2547,11 @@ destination_from_pf(entry_connection_t *conn, socks_request_t *req)
   } else if (proxy_sa->sa_family == AF_INET6) {
     struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)proxy_sa;
     pnl.af = AF_INET6;
-    memcpy(&pnl.saddr.v6, tor_addr_to_in6(&ENTRY_TO_CONN(conn)->addr),
-           sizeof(struct in6_addr));
+    const struct in6_addr *dest_in6 =
+      tor_addr_to_in6(&ENTRY_TO_CONN(conn)->addr);
+    if (BUG(!dest_in6))
+      return -1;
+    memcpy(&pnl.saddr.v6, dest_in6, sizeof(struct in6_addr));
     pnl.sport = htons(ENTRY_TO_CONN(conn)->port);
     memcpy(&pnl.daddr.v6, &sin6->sin6_addr, sizeof(struct in6_addr));
     pnl.dport = sin6->sin6_port;