Merge branch 'maint-0.2.9' into maint-0.3.0

This commit is contained in:
Nick Mathewson 2017-07-05 13:43:31 -04:00
commit 546f5b364b
3 changed files with 21 additions and 2 deletions

6
changes/bug22789 Normal file
View File

@ -0,0 +1,6 @@
o Major bugfixes (openbsd, denial-of-service):
- Avoid an assertion failure bug affecting our implementation of
inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
handling of "0xfoo" differs from what we had expected.
Fixes bug 22789; bugfix on 0.2.3.8-alpha.

View File

@ -2593,8 +2593,12 @@ tor_inet_pton(int af, const char *src, void *dst)
char *next; char *next;
ssize_t len; ssize_t len;
long r = strtol(src, &next, 16); long r = strtol(src, &next, 16);
tor_assert(next != NULL); if (next == NULL || next == src) {
tor_assert(next != src); /* The 'next == src' error case can happen on versions of openbsd
* where treats "0xfoo" as an error, rather than as "0" followed by
* "xfoo". */
return 0;
}
len = *next == '\0' ? eow - src : next - src; len = *next == '\0' ? eow - src : next - src;
if (len > 4) if (len > 4)

View File

@ -354,6 +354,15 @@ test_addr_ip6_helpers(void *arg)
test_pton6_bad("1.2.3.4"); test_pton6_bad("1.2.3.4");
test_pton6_bad(":1.2.3.4"); test_pton6_bad(":1.2.3.4");
test_pton6_bad(".2.3.4"); test_pton6_bad(".2.3.4");
/* Regression tests for 22789. */
test_pton6_bad("0xfoo");
test_pton6_bad("0x88");
test_pton6_bad("0xyxxy");
test_pton6_bad("0XFOO");
test_pton6_bad("0X88");
test_pton6_bad("0XYXXY");
test_pton6_bad("0x");
test_pton6_bad("0X");
/* test internal checking */ /* test internal checking */
test_external_ip("fbff:ffff::2:7", 0); test_external_ip("fbff:ffff::2:7", 0);