[tor-bugs] #21280 [Core Tor/Tor]: tor-resolve: Do not truncate too long hostnames
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Jan 22 17:03:42 UTC 2017
#21280: tor-resolve: Do not truncate too long hostnames
------------------------------+--------------------------
Reporter: junglefowl | Owner:
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version: Tor: 0.2.9.8
Severity: Normal | Keywords: tor-resolve
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+--------------------------
If a hostname is supplied to tor-resolve which is too long, it will
be[[BR]]silently truncated, resulting in a different hostname
lookup:[[BR]][[BR]]$ tor-resolve $(python -c 'print("google.com" + "m" *
256)')[[BR]][[BR]]If tor-resolve uses SOCKS5, the length is stored in an
unsigned char,[[BR]]which overflows in this case and leads to the hostname
"google.com".[[BR]]As this one is a valid hostname, it returns an address
instead of giving[[BR]]an error due to the invalid supplied
hostname.[[BR]]
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21280>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list