Commit e3ebae48 authored by Nick Mathewson 🦀

Fix undefined behavior in geoip_parse_entry().

Fixes bug 22490; bugfix on 6a241ff3 in 0.2.4.6-alpha.

Found by teor using clang-5.0's AddressSanitizer stack-use-after-scope.
parent 5207e41f

changes/bug22490

0 → 100644
+3 −0
  o Minor bugfixes (correctness):
    - Avoid undefined behavior when parsing IPv6 entries from the geoip6
      file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
+1 −1
@@ -145,6 +145,7 @@ geoip_parse_entry(const char *line, sa_family_t family)
  if (*line == '#')
    return 0;

  char buf[512];
  if (family == AF_INET) {
    unsigned int low, high;
    if (tor_sscanf(line,"%u,%u,%2s", &low, &high, c) == 3 ||
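Review bot: The hoisted `char buf[512];` just above `if (family == AF_INET) {` carries no comment saying why it lives at function scope even though only the AF_INET6 branch uses it. A later tidy-up could move it back into the `else` block and reintroduce the stack-use-after-scope that the commit message cites. Suggest a one-line comment on the declaration stating that data in `buf` must outlive the AF_INET6 block. As a minor style point, the declaration now follows the `if (*line == '#') return 0;` statement; placing it with the other declarations at the top of the function would make its lifetime more obvious.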
@@ -155,7 +156,6 @@ geoip_parse_entry(const char *line, sa_family_t family)
      goto fail;
    country = c;
  } else {                      /* AF_INET6 */
    char buf[512];
    char *low_str, *high_str;
    struct in6_addr low, high;
    char *strtok_state;
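Review bot: Removing `char buf[512];` from the `else { /* AF_INET6 */` block is the whole functional change, yet the patch touches only this file and changes/bug22490, so nothing here exercises the IPv6 path to catch a regression. The report came from clang-5.0's AddressSanitizer stack-use-after-scope check; a unit test that feeds geoip_parse_entry() a geoip6-format line, run in a sanitizer-enabled build, would keep this fixed. Also worth confirming that `low_str`, `high_str` and `strtok_state`, which stay block-scoped here, are not themselves read after the block ends.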