[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #8405 [Tor]: Provide a control port command to query the circuit used for SOCKS u+p



#8405: Provide a control port command to query the circuit used for SOCKS u+p
-----------------------------+------------------------------------
     Reporter:  mikeperry    |      Owner:  mikeperry
         Type:  enhancement  |     Status:  needs_revision
     Priority:  normal       |  Milestone:  Tor: 0.2.6.x-final
    Component:  Tor          |    Version:
   Resolution:               |   Keywords:  tor-client, mike-0.2.5
Actual Points:               |  Parent ID:  #5752
       Points:               |
-----------------------------+------------------------------------
Changes (by rransom):

 * status:  needs_review => needs_revision


Comment:

 Replying to [comment:11 arthuredelstein]:
 > OK, I've posted a patch based on rransom's approach. Does this seem like
 the right thing now? Thanks for your help.

 You must not output the SOCKS4 auth string without escaping it.  Either
 use `esc_for_log_len` (and add it if it hasn't already been added to Tor
 somewhere) like I did or use `base16_encode`.

 Remember that some people will think that a hex-encoded string is
 encrypted.  At the very least, be aware that hexifying strings makes it
 harder for a human to read the control-port output.

 Consider dynamically allocating the hex-encoding buffers for SOCKS5 auth
 strings, or at least not allocating a full kilobyte on the stack -- you're
 about to `smartlist_add_asprintf` the contents anyway, so 512 bytes of
 buffer should be enough.

 Remember to update `control-spec.txt` to document at least what is
 actually being used by other applications.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8405#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs