From 97f7efa9e3316e4e8970a87a1ee53fd4fd0075d8 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 10 Sep 2019 11:07:25 -0400 Subject: pf: when extracting an IPv6 address, make sure we got an IPv6 address Our code assumes that when we're configured to get IPv6 addresses out of a TRANS_PF transparent proxy connection, we actually will. But we didn't check that, and so FreeBSD started warning us about a potential NULL pointer dereference. Fixes part of bug 31687; bugfix on 0.2.3.4-alpha when this code was added. --- src/core/or/connection_edge.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'src/core') diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c index e4b3455d13..7cc67d7f5e 100644 --- a/src/core/or/connection_edge.c +++ b/src/core/or/connection_edge.c @@ -2547,8 +2547,11 @@ destination_from_pf(entry_connection_t *conn, socks_request_t *req) } else if (proxy_sa->sa_family == AF_INET6) { struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)proxy_sa; pnl.af = AF_INET6; - memcpy(&pnl.saddr.v6, tor_addr_to_in6(&ENTRY_TO_CONN(conn)->addr), - sizeof(struct in6_addr)); + const struct in6_addr *dest_in6 = + tor_addr_to_in6(&ENTRY_TO_CONN(conn)->addr); + if (BUG(!dest_in6)) + return -1; + memcpy(&pnl.saddr.v6, dest_in6, sizeof(struct in6_addr)); pnl.sport = htons(ENTRY_TO_CONN(conn)->port); memcpy(&pnl.daddr.v6, &sin6->sin6_addr, sizeof(struct in6_addr)); pnl.dport = sin6->sin6_port; -- cgit v1.2.3-54-g00ecf