Do not assert when comparing a null address/port against a policy

This can create a remote crash opportunity for/against directory
authorities.

changes/bug6690

@@ -0,0 +1,7 @@
+  o Major bugfixes (security):
+    - Do not crash when comparing an address with port value 0 to an
+      address policy. This bug could have been used to cause a remote
+      assertion failure by or against directory authorities, or to
+      allow some applications to crash clients. Fixes bug 6690; bugfix
+      on 0.2.1.10-alpha.
+

src/or/policies.c

@@ -685,7 +685,11 @@ compare_tor_addr_to_addr_policy(const tor_addr_t *addr, uint16_t port,
     /* no policy? accept all. */
     return ADDR_POLICY_ACCEPTED;
   } else if (tor_addr_is_null(addr)) {
-    tor_assert(port != 0);
+    if (port == 0) {
+      log_info(LD_BUG, "Rejecting null address with 0 port (family %d)",
+               addr ? tor_addr_family(addr) : -1);
+      return ADDR_POLICY_REJECTED;
+    }
     return compare_unknown_tor_addr_to_addr_policy(port, policy);
   } else if (port == 0) {
     return compare_known_tor_addr_to_addr_policy_noport(addr, policy);