#22469: tor should probably reject "0x00" in port range specifications
 Reporter:  toralf                               |          Owner:
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  unspecified
Component:  Core Tor/Tor                         |        Version:  Tor:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-relay torrc configuration intro  |  Actual Points:
  ipv6                                           |
Parent ID:  #22802                               |         Points:
 Reviewer:                                       |        Sponsor:
Changes (by catalyst):

 * cc: catalyst (added)


 By code inspection it looks like `0x00` as the port might get accepted by
 `parse_port_range()` because `tor_parse_long()` gets called with a non-
 null `next` to detect a hyphen delimiting the maximum of a port range, but
 nothing seems to produce an error if some different character follows the
 first port number of the "range".  i.e., `0x00` gets parsed as `0`
 followed by `x00` as trailing garbage that gets ignored rather than
 producing an error.  I haven't come up with a test for this yet.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22469#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
tor-bugs mailing list

Reply via email to