[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #13587 [Obfsproxy]: scamblesuit bug: sharedSecret is not None

Subject: Re: [tor-bugs] #13587 [Obfsproxy]: scamblesuit bug: sharedSecret is not None
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sat, 01 Nov 2014 03:56:02 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 31 Oct 2014 23:56:13 -0400
In-reply-to: <047.07c2b64fbf21b932e9a2050286b723d2@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.07c2b64fbf21b932e9a2050286b723d2@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#13587: scamblesuit bug: sharedSecret is not None
---------------------------+--------------------------
     Reporter:  hellais    |      Owner:  asn
         Type:  defect     |     Status:  needs_review
     Priority:  normal     |  Milestone:
    Component:  Obfsproxy  |    Version:
   Resolution:             |   Keywords:
Actual Points:             |  Parent ID:
       Points:             |
---------------------------+--------------------------
Changes (by yawning):

 * status:  needs_information => needs_review


Comment:

 Replying to [comment:4 phw]:
 > Do we already know if this is a bug in ScrambleSuit or if OONI simply
 invoked ScrambleSuit without the `password` option?

 "Yes" (It's both).

 When in managed mode, and the `password` option is missing entirely
 `handle_socks_args()` will never get called from the base code, resulting
 in the shared secret being `None` and the assert being hit since that
 condition is never explicitly checked.

 It's trivial to reproduce (just delete the `password` argument from the
 bridge line), and trivial to fix
 (https://gitweb.torproject.org/user/yawning/obfsproxy.git/commit/49dd8aae6064839d08f677b1ff641b56951dd9ca)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13587#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #13587 [Pluggable transport]: Bug found while running ooniprobe in Iran
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #12031 [BridgeDB]: Create a Key-Value database system for simple/flat datatypes in BridgeDB
Previous by thread: Re: [tor-bugs] #13587 [Obfsproxy]: scamblesuit bug: sharedSecret is not None
Next by thread: Re: [tor-bugs] #10427 [Tor]: Point operators of new relay to the lifecycle document
Index(es):
- Author
- Thread