[tor-bugs] #25055 [Core Tor/Tor]: string_is_valid_hostname() returns true for IPv4 addresses
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Mar 27 00:12:20 UTC 2018
#25055: string_is_valid_hostname() returns true for IPv4 addresses
-------------------------------------------------+-------------------------
Reporter: teor | Owner: (none)
Type: defect | Status:
| merge_ready
Priority: Medium | Milestone: Tor:
| 0.3.3.x-final
Component: Core Tor/Tor | Version: Tor:
| 0.3.2.1-alpha
Severity: Normal | Resolution:
Keywords: IPv6, IPv4, tor-dns, 032-backport, | Actual Points:
033-must, review-group-34, |
033-triage-20180320, 033-included-20180320 |
Parent ID: #25036 | Points: 1
Reviewer: mikeperry | Sponsor:
-------------------------------------------------+-------------------------
Changes (by mikeperry):
* status: needs_review => merge_ready
Comment:
Hrmm. Downside of tons of reviewers: I have a weak preference that the
hostname be treated strictly. I think that permitting more things on the
socksport itself is fine, but that our function names should reflect
current RFC notions, and not leave wiggle room for future potential
changes, since in other cases uses of this function may end up causing
bugs. This would mean that string_is_valid_hostname() would enforce full
RFC hostname strictness, but then string_is_valid_dest() would or that
together with string_is_valid_ipv4, string_is_valid_ipv6, and another
string_is_valid_extra()...
But my preference is only a weak one. Everything else about this code
looks good to me now. I'm going to mark this merge_ready. If someone else
decides to agree with me, feel free to change to needs_revision.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25055#comment:29>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list