#33788: Check the return value of tor_inet_ntop() and tor_inet_ntoa() -------------------------------------------------+------------------------- Reporter: teor | Owner: (none) Type: defect | Status: new Priority: Medium | Milestone: Tor: | 0.4.4.x-final Component: Core Tor/Tor | Version: Severity: Normal | Resolution: Keywords: 044-should, security-low, | Actual Points: 035-backport, 041-backport, 042-backport, | 043-backport, outreachy-ipv6, ipv6 | Parent ID: #33768 | Points: 1 Reviewer: | Sponsor: | Sponsor55-must -------------------------------------------------+-------------------------
Old description: > The following functions don't check the return value of tor_inet_ntop(): > * tor_dup_ip(), IPv4 only, unlikely to be a serious bug > * evdns_callback(), multiple times, IPv6, could be serious > > These functions should log a bug log using BUG(), and return an error. > > We will also need to make their callers check for the error. New description: The following functions don't check the return value of tor_inet_ntop() or tor_inet_ntoa(): IPv6, could be serious: * evdns_callback(), multiple times IPv4 only, unlikely to be a serious bug: * tor_dup_ip() * fmt_addr32() * evdns_wildcard_check_callback() These functions should log a bug log using BUG() or tor_assert_nonfatal(), and return an error. (Or for the formatting functions, a sensible placeholder string.) We will also need to make their callers check for the error. -- Comment (by teor): Also fix tor_inet_ntoa(). -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33788#comment:1> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs