[tor-commits] [tor/release-0.2.2] Do not assert when comparing a null address/port against a policy

arma at torproject.org arma at torproject.org
Tue Sep 11 17:58:51 UTC 2012


commit 62d96284f7e0f81c40d5df7e53dd7b4dfe7e56a5
Author: Nick Mathewson <nickm at torproject.org>
Date:   Mon Aug 27 11:52:51 2012 -0400

    Do not assert when comparing a null address/port against a policy
    
    This can create a remote crash opportunity for/against directory
    authorities.
---
 changes/bug6690   |    7 +++++++
 src/or/policies.c |    6 +++++-
 2 files changed, 12 insertions(+), 1 deletions(-)

diff --git a/changes/bug6690 b/changes/bug6690
new file mode 100644
index 0000000..99d4297
--- /dev/null
+++ b/changes/bug6690
@@ -0,0 +1,7 @@
+  o Major bugfixes (security):
+    - Do not crash when comparing an address with port value 0 to an
+      address policy. This bug could have been used to cause a remote
+      assertion failure by or against directory authorities, or to
+      allow some applications to crash clients. Fixes bug 6690; bugfix
+      on 0.2.1.10-alpha.
+
diff --git a/src/or/policies.c b/src/or/policies.c
index c870360..55d08af 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -685,7 +685,11 @@ compare_tor_addr_to_addr_policy(const tor_addr_t *addr, uint16_t port,
     /* no policy? accept all. */
     return ADDR_POLICY_ACCEPTED;
   } else if (tor_addr_is_null(addr)) {
-    tor_assert(port != 0);
+    if (port == 0) {
+      log_info(LD_BUG, "Rejecting null address with 0 port (family %d)",
+               addr ? tor_addr_family(addr) : -1);
+      return ADDR_POLICY_REJECTED;
+    }
     return compare_unknown_tor_addr_to_addr_policy(port, policy);
   } else if (port == 0) {
     return compare_known_tor_addr_to_addr_policy_noport(addr, policy);
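Review bot: The new `if (port == 0)` branch has no comment explaining why it rejects instead of asserting, which is the reason for the fix: per the changelog this path can be reached with remotely supplied values, so an assertion here means a remotely triggerable crash. I would add `/* Reachable from network input (bug 6690): fail closed, never assert. */` above the check so that a later cleanup does not restore the `tor_assert`. The `addr ? tor_addr_family(addr) : -1` guard runs only after `tor_addr_is_null(addr)` has already been handed the same pointer, so if that helper does not tolerate NULL (not visible here) the guard is dead code and a NULL `addr` would fail one line earlier. The body of compare_tor_addr_to_addr_policy starts and ends outside this hunk, and its header comment should also say that a null address with port 0 now returns ADDR_POLICY_REJECTED.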




