[tor-bugs] #21280 [Core Tor/Tor]: tor-resolve: Do not truncate too long hostnames

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Jan 22 17:03:42 UTC 2017


#21280: tor-resolve: Do not truncate too long hostnames
------------------------------+--------------------------
     Reporter:  junglefowl    |      Owner:
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:
    Component:  Core Tor/Tor  |    Version:  Tor: 0.2.9.8
     Severity:  Normal        |   Keywords:  tor-resolve
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+--------------------------
 If a hostname is supplied to tor-resolve which is too long, it will
 be[[BR]]silently truncated, resulting in a different hostname
 lookup:[[BR]][[BR]]$ tor-resolve $(python -c 'print("google.com" + "m" *
 256)')[[BR]][[BR]]If tor-resolve uses SOCKS5, the length is stored in an
 unsigned char,[[BR]]which overflows in this case and leads to the hostname
 "google.com".[[BR]]As this one is a valid hostname, it returns an address
 instead of giving[[BR]]an error due to the invalid supplied
 hostname.[[BR]]

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21280>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list