Commit 62d96284 authored by Nick Mathewson

Do not assert when comparing a null address/port against a policy

This can create a remote crash opportunity for/against directory
authorities.
parent d48cebc5

changes/bug6690

0 → 100644
+7 −0
  o Major bugfixes (security):
    - Do not crash when comparing an address with port value 0 to an
      address policy. This bug could have been used to cause a remote
      assertion failure by or against directory authorities, or to
      allow some applications to crash clients. Fixes bug 6690; bugfix
      on 0.2.1.10-alpha.
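Review bot: The first sentence of the entry says "an address with port value 0", but the assertion being removed sits in the branch taken only when the address is null, and the commit subject says "a null address/port". Consider "a null address with port value 0" so readers of the changelog can tell which input combination triggered the assertion failure.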
+5 −1
@@ -685,7 +685,11 @@ compare_tor_addr_to_addr_policy(const tor_addr_t *addr, uint16_t port,
    /* no policy? accept all. */
    return ADDR_POLICY_ACCEPTED;
  } else if (tor_addr_is_null(addr)) {
    tor_assert(port != 0);
    if (port == 0) {
      log_info(LD_BUG, "Rejecting null address with 0 port (family %d)",
               addr ? tor_addr_family(addr) : -1);
      return ADDR_POLICY_REJECTED;
    }
    return compare_unknown_tor_addr_to_addr_policy(port, policy);
  } else if (port == 0) {
    return compare_known_tor_addr_to_addr_policy_noport(addr, policy);
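Review bot: In the new log call, `addr ? tor_addr_family(addr) : -1` guards against a NULL addr, but addr has already been passed to `tor_addr_is_null(addr)` in the branch condition just above. Either tor_addr_is_null() is meant to accept NULL, in which case a short comment saying so would help, or the ternary is dead and can be reduced to tor_addr_family(addr). Returning ADDR_POLICY_REJECTED is the fail-closed choice for input that the commit message describes as remotely reachable, and logging at info level keeps a remote party from flooding the logs. A regression test that calls compare_tor_addr_to_addr_policy() with a null address and port 0 and checks for ADDR_POLICY_REJECTED would keep the assertion from coming back, and the function's doc comment should mention this case.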