aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--changes/bug66907
-rw-r--r--src/or/policies.c6
2 files changed, 12 insertions, 1 deletions
diff --git a/changes/bug6690 b/changes/bug6690
new file mode 100644
index 000000000..99d42976e
--- /dev/null
+++ b/changes/bug6690
@@ -0,0 +1,7 @@
+ o Major bugfixes (security):
+ - Do not crash when comparing an address with port value 0 to an
+ address policy. This bug could have been used to cause a remote
+ assertion failure by or against directory authorities, or to
+ allow some applications to crash clients. Fixes bug 6690; bugfix
+ on 0.2.1.10-alpha.
+
diff --git a/src/or/policies.c b/src/or/policies.c
index c87036013..55d08afc8 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -685,7 +685,11 @@ compare_tor_addr_to_addr_policy(const tor_addr_t *addr, uint16_t port,
/* no policy? accept all. */
return ADDR_POLICY_ACCEPTED;
} else if (tor_addr_is_null(addr)) {
- tor_assert(port != 0);
+ if (port == 0) {
+ log_info(LD_BUG, "Rejecting null address with 0 port (family %d)",
+ addr ? tor_addr_family(addr) : -1);
+ return ADDR_POLICY_REJECTED;
+ }
return compare_unknown_tor_addr_to_addr_policy(port, policy);
} else if (port == 0) {
return compare_known_tor_addr_to_addr_policy_noport(addr, policy);