[Tor Trac #32363]: Check for leading zeros in tor_inet_aton() #1639
Conversation
Pull Request Test Coverage Report for Build 7853
|
dgoulet-tor
reviewed
Jan 7, 2020
src/lib/net/inaddr.c
Outdated
| * Also, the tor_sscanf() call above prevents an overflow from occuring. */ | ||
| for (size_t idx = 0; idx <= strlen(str); idx++) { | ||
| if (str[idx] == '.' || idx == strlen(str)) { | ||
| if (strlen(octet) > 1 && octet[0] == '0') |
octet contains junk at the start of the loop so what happens if we end up here at the first iteration where octet was never set?
The tor_sscanf() check should prevent this.
Ok I think I know what you mean as in we can only get in that if() with a malformed address and the sscanf doesn't allow that.
I would really love to still do have char octet[4] = {0}; just for safety and future proofing this. As in setting it to zeroes at first.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Ticket: https://trac.torproject.org/projects/tor/ticket/32363
The text was updated successfully, but these errors were encountered: