From 62d96284f7e0f81c40d5df7e53dd7b4dfe7e56a5 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 27 Aug 2012 11:52:51 -0400 Subject: Do not assert when comparing a null address/port against a policy This can create a remote crash opportunity for/against directory authorities. --- changes/bug6690 | 7 +++++++ src/or/policies.c | 6 +++++- 2 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 changes/bug6690 diff --git a/changes/bug6690 b/changes/bug6690 new file mode 100644 index 0000000000..99d42976ed --- /dev/null +++ b/changes/bug6690 @@ -0,0 +1,7 @@ + o Major bugfixes (security): + - Do not crash when comparing an address with port value 0 to an + address policy. This bug could have been used to cause a remote + assertion failure by or against directory authorities, or to + allow some applications to crash clients. Fixes bug 6690; bugfix + on 0.2.1.10-alpha. + diff --git a/src/or/policies.c b/src/or/policies.c index c87036013d..55d08afc81 100644 --- a/src/or/policies.c +++ b/src/or/policies.c @@ -685,7 +685,11 @@ compare_tor_addr_to_addr_policy(const tor_addr_t *addr, uint16_t port, /* no policy? accept all. */ return ADDR_POLICY_ACCEPTED; } else if (tor_addr_is_null(addr)) { - tor_assert(port != 0); + if (port == 0) { + log_info(LD_BUG, "Rejecting null address with 0 port (family %d)", + addr ? tor_addr_family(addr) : -1); + return ADDR_POLICY_REJECTED; + } return compare_unknown_tor_addr_to_addr_policy(port, policy); } else if (port == 0) { return compare_known_tor_addr_to_addr_policy_noport(addr, policy); -- cgit v1.2.3-54-g00ecf