Fix assertion failure related to openbsd strtol().

Fixes bug 22789; bugfix on 0.2.3.8-alpha.

diff --git a/changes/bug22789 b/changes/bug22789
new file mode 100644 (file)
index 0000000..dc9fa29
--- /dev/null
+++ b/changes/bug22789
@@ -0,0 +1,6 @@
+  o Major bugfixes (openbsd, denial-of-service):
+    - Avoid an assertion failure bug affecting our implementation of
+      inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
+      handling of "0xfoo" differs from what we had expected.
+      Fixes bug 22789; bugfix on 0.2.3.8-alpha.
+

diff --git a/src/common/compat.c b/src/common/compat.c
index d88c5f92dec40ab8010c7640374f1bd1a5c3786d..b77f25b4677e65690e405088a1da21c699d4a0c5 100644 (file)
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -2045,8 +2045,12 @@ tor_inet_pton(int af, const char *src, void *dst)
         char *next;
         ssize_t len;
         long r = strtol(src, &next, 16);
-        tor_assert(next != NULL);
-        tor_assert(next != src);
+        if (next == NULL || next == src) {
+          /* The 'next == src' error case can happen on versions of openbsd
+           * where treats "0xfoo" as an error, rather than as "0" followed by
+           * "xfoo". */
+          return 0;
+        }
 
         len = *next == '\0' ? eow - src : next - src;
         if (len > 4)

diff --git a/src/test/test_addr.c b/src/test/test_addr.c
index fec85a4696497c4a1e8e03c89866fac6edaf2cbf..645fc643db2ba2395eaa3d5082a33db870ce61ce 100644 (file)
--- a/src/test/test_addr.c
+++ b/src/test/test_addr.c
@@ -340,6 +340,15 @@ test_addr_ip6_helpers(void)
   test_pton6_bad("a:::b:c");
   test_pton6_bad(":::a:b:c");
   test_pton6_bad("a:b:c:::");
+  /* Regression tests for 22789. */
+  test_pton6_bad("0xfoo");
+  test_pton6_bad("0x88");
+  test_pton6_bad("0xyxxy");
+  test_pton6_bad("0XFOO");
+  test_pton6_bad("0X88");
+  test_pton6_bad("0XYXXY");
+  test_pton6_bad("0x");
+  test_pton6_bad("0X");
 
   /* test internal checking */
   test_external_ip("fbff:ffff::2:7", 0);