[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #1666 [Tor Client]: SOCKS handling should accept (and ignore) password auth.

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #1666 [Tor Client]: SOCKS handling should accept (and ignore) password auth.
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Sun, 17 Oct 2010 15:53:36 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 17 Oct 2010 11:53:48 -0400
In-reply-to: <045.7219aac67e5dbe64a99b03de12ac79f6@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bugs reporting list for trac <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <045.7219aac67e5dbe64a99b03de12ac79f6@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#1666: SOCKS handling should accept (and ignore) password auth.
-------------------------+--------------------------------------------------
 Reporter:  nickm        |       Owner:  mwenge      
     Type:  enhancement  |      Status:  needs_review
 Priority:  minor        |   Milestone:              
Component:  Tor Client   |     Version:              
 Keywords:               |      Parent:              
-------------------------+--------------------------------------------------

Comment(by nickm):

 > You mean after the method has been negotiated we just clobber the rest
 of the packet?

 No, I was talking about the part that said,

 {{{
 +      if (buf->datalen > 2u + usernamelen + 1u + passlen) {
 +        log_warn(LD_APP,
 +                 "socks5: Malformed username/password. Rejecting.");
 +        return -1;
 +      }
 }}}

 I meant to ask whether, after we're done accepting the username and
 password, we shouldn't allow the buffer to still ahve more data that we
 leave on the buffer?  Is the client not allowed to send the connection
 request until the server answers the authentication?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1666#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #988 [Tor Relay]: Different TLS certs for incoming vs outgoing
Next by Author: Re: [tor-bugs] #1307 [Tor Relay]: Hosting many hidden services causes many errors and takes hours to start up
Previous by thread: Re: [tor-bugs] #1666 [Tor Client]: SOCKS handling should accept (and ignore) password auth.
Next by thread: [tor-bugs] #2064 [Metrics]: need a spec for the exit-list format
Index(es):
- Author
- Thread