pf: when extracting an IPv6 address, make sure we got an IPv6 address

Our code assumes that when we're configured to get IPv6 addresses out of a TRANS_PF transparent proxy connection, we actually will. But we didn't check that, and so FreeBSD started warning us about a potential NULL pointer dereference. Fixes part of bug 31687; bugfix on 0.2.3.4-alpha when this code was added.
2024-11-10 13:13:44 +01:00 · 2019-09-10 11:07:25 -04:00 · 2019-09-10 11:07:25 -04:00 · 97f7efa9e3
commit 97f7efa9e3
parent 51475aee57
2 changed files with 10 additions and 2 deletions
--- a/changes/ticket31687_2
+++ b/changes/ticket31687_2
@ -0,0 +1,5 @@
+  o Minor bugfixes (FreeBSD, PF-based proxy, IPv6):
+    - When extracting an IPv6 address from a PF-based proxy, verify
+      that we are actually configured to receive an IPv6 address,
+      and log an internal error if not. Fixes part of bug 31687;
+      bugfix on 0.2.3.4-alpha.
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@ -2547,8 +2547,11 @@ destination_from_pf(entry_connection_t *conn, socks_request_t *req)
  } else if (proxy_sa->sa_family == AF_INET6) {
    struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)proxy_sa;
    pnl.af = AF_INET6;
-    memcpy(&pnl.saddr.v6, tor_addr_to_in6(&ENTRY_TO_CONN(conn)->addr),
-           sizeof(struct in6_addr));
+    const struct in6_addr *dest_in6 =
+      tor_addr_to_in6(&ENTRY_TO_CONN(conn)->addr);
+    if (BUG(!dest_in6))
+      return -1;
+    memcpy(&pnl.saddr.v6, dest_in6, sizeof(struct in6_addr));
    pnl.sport = htons(ENTRY_TO_CONN(conn)->port);
    memcpy(&pnl.daddr.v6, &sin6->sin6_addr, sizeof(struct in6_addr));
    pnl.dport = sin6->sin6_port;