Fix undefined behavior in geoip_parse_entry().

Fixes bug 22490; bugfix on 6a241ff3ffe7dc1 in 0.2.4.6-alpha.

Found by teor using clang-5.0's AddressSanitizer stack-use-after-scope.

diff --git a/changes/bug22490 b/changes/bug22490
new file mode 100644 (file)
index 0000000..244dd50
--- /dev/null
+++ b/changes/bug22490
@@ -0,0 +1,3 @@
+  o Minor bugfixes (correctness):
+    - Avoid undefined behavior when parsing IPv6 entries from the geoip6
+      file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.

diff --git a/src/or/geoip.c b/src/or/geoip.c
index e2e98e8ec46ab4dc5f37a3578e1b4853e41be6ed..4abd5191f43d7fbc4f45ca1a4f5c90ecda8df359 100644 (file)
--- a/src/or/geoip.c
+++ b/src/or/geoip.c
@@ -145,6 +145,7 @@ geoip_parse_entry(const char *line, sa_family_t family)
   if (*line == '#')
     return 0;
 
+  char buf[512];
   if (family == AF_INET) {
     unsigned int low, high;
     if (tor_sscanf(line,"%u,%u,%2s", &low, &high, c) == 3 ||
@@ -155,7 +156,6 @@ geoip_parse_entry(const char *line, sa_family_t family)
       goto fail;
     country = c;
   } else {                      /* AF_INET6 */
-    char buf[512];
     char *low_str, *high_str;
     struct in6_addr low, high;
     char *strtok_state;