]> git.ipfire.org Git - thirdparty/tor.git/commitdiff
projects / thirdparty / tor.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2c0088b)
Disallow "*/maskbits" as an address pattern.
authorNick Mathewson <nickm@torproject.org>
Wed, 12 Feb 2014 20:59:04 +0000 (15:59 -0500)
committerNick Mathewson <nickm@torproject.org>
Wed, 12 Feb 2014 21:00:26 +0000 (16:00 -0500)
Fixes bug 7484. We've had this bug back in a8eaa79e031ee04d44 in
0.0.2pre14, when we first started allowing address masks.

changes/bug7484 [new file with mode: 0644] patch | blob
src/common/address.c patch | blob | blame | history
src/test/test_addr.c patch | blob | blame | history

diff --git a/changes/bug7484 b/changes/bug7484
new file mode 100644 (file)
index 0000000..647992a
--- /dev/null
+++ b/changes/bug7484
@@ -0,0 +1,4 @@
+  o Minor bugfixes:
+    - Stop allowing invalid address patterns containing both a wildcard
+      address and a bit prefix length. This affects all our
+      address-range parsing code. Fixes bug 7484; bugfix on 0.0.2pre14.
diff --git a/src/common/address.c b/src/common/address.c
index b9f2d931549ae483c10fc3ec26fc23f7a7865362..be41cc73acd4565781f89d39af042ac2c50c6e56 100644 (file)
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -714,6 +714,11 @@ tor_addr_parse_mask_ports(const char *s,
         /* XXXX_IP6 is this really what we want? */
         bits = 96 + bits%32; /* map v4-mapped masks onto 96-128 bits */
       }
+      if (any_flag) {
+        log_warn(LD_GENERAL,
+                 "Found bit prefix with wildcard address; rejecting");
+        goto err;
+      }
     } else { /* pick an appropriate mask, as none was given */
       if (any_flag)
         bits = 0;  /* This is okay whether it's V6 or V4 (FIX V4-mapped V6!) */
diff --git a/src/test/test_addr.c b/src/test/test_addr.c
index 79ddd95090a8eda9ba11a752e9dc64ea0243850e..7c289c371a042525f988f22f35584f1d9e017c64 100644 (file)
--- a/src/test/test_addr.c
+++ b/src/test/test_addr.c
@@ -646,7 +646,6 @@ test_addr_ip6_helpers(void)
   test_assert(r == -1);
   r=tor_addr_parse_mask_ports("*6",0,&t1, &mask, NULL, NULL);
   test_assert(r == -1);
-#if 0
   /* Try a mask with a wildcard. */
   r=tor_addr_parse_mask_ports("*/16",0,&t1, &mask, NULL, NULL);
   test_assert(r == -1);
@@ -656,7 +655,6 @@ test_addr_ip6_helpers(void)
   r=tor_addr_parse_mask_ports("*6/30",TAPMP_EXTENDED_STAR,
                               &t1, &mask, NULL, NULL);
   test_assert(r == -1);
-#endif
   /* Basic mask tests*/
   r=tor_addr_parse_mask_ports("1.1.2.2/31",0,&t1, &mask, NULL, NULL);
   test_assert(r == AF_INET);
Mirror of https://git.torproject.org/tor.git