scan-build: avoid undef behaior in tor_inet_pton

If we had an address of the form "1.2.3.4" and we tried to pass it to
tor_inet_pton with AF_INET6, it was possible for our 'eow' pointer to
briefly move backwards to the point before the start of the string,
before we moved it right back to the start of the string.  C doesn't
allow that, and though we haven't yet hit a compiler that decided to
nuke us in response, it's best to fix.

So, be more explicit about requiring there to be a : before any IPv4
address part of the IPv6 address.  We would have rejected addresses
without a : for not being IPv6 later on anyway.

diff --git a/src/common/compat.c b/src/common/compat.c
index c5945fbd22c88ae78bc1b8855581508fae0be310..8d816b90e79f489795c3b96891bc5d9770b48803 100644 (file)
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -2195,8 +2195,10 @@ tor_inet_pton(int af, const char *src, void *dst)
     else {
       unsigned byte1,byte2,byte3,byte4;
       char more;
-      for (eow = dot-1; eow >= src && TOR_ISDIGIT(*eow); --eow)
+      for (eow = dot-1; eow > src && TOR_ISDIGIT(*eow); --eow)
         ;
+      if (*eow != ':')
+        return 0;
       ++eow;
 
       /* We use "scanf" because some platform inet_aton()s are too lax

diff --git a/src/test/test_addr.c b/src/test/test_addr.c
index cee2dcf2a02341d22322ae331654d7ed0ff39baf..50011e606bcc5dcb742633006288808d0f81ef14 100644 (file)
--- a/src/test/test_addr.c
+++ b/src/test/test_addr.c
@@ -346,6 +346,9 @@ test_addr_ip6_helpers(void)
   test_pton6_bad("a:::b:c");
   test_pton6_bad(":::a:b:c");
   test_pton6_bad("a:b:c:::");
+  test_pton6_bad("1.2.3.4");
+  test_pton6_bad(":1.2.3.4");
+  test_pton6_bad(".2.3.4");
 
   /* test internal checking */
   test_external_ip("fbff:ffff::2:7", 0);