[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [obfsproxy/master] Handle missing ScrambleSuit passwords in managed mode.

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [obfsproxy/master] Handle missing ScrambleSuit passwords in managed mode.
From: asn@xxxxxxxxxxxxxx
Date: Mon, 3 Nov 2014 12:10:55 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 03 Nov 2014 07:11:09 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: Yawning Angel <yawning@xxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit 49dd8aae6064839d08f677b1ff641b56951dd9ca
Author: Yawning Angel <yawning@xxxxxxxxxxxxxx>
Date:   Sat Nov 1 03:45:55 2014 +0000

    Handle missing ScrambleSuit passwords in managed mode.
    
    If the password argument is missing from the bridge line entirely,
    `handle_socks_args()` will never get called as the username/password
    auth will not be negotiated.  Correctly detect that this has happened
    at client handshake time, log a warning and drop the connection.
    
    Fixes bug #13587.
---
 ChangeLog                                         |    5 +++++
 obfsproxy/transports/scramblesuit/scramblesuit.py |    5 +++++
 2 files changed, 10 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index b9791da..7d66351 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Changes in version 0.2.13 - UNRELEASED:
+ - Correctly handle the ScrambleSuit password being missing entirely
+   when running in managed mode. Patch by Yawning Angel. Fixes #13587.
+
+
 Changes in version 0.2.12 - 2014-07-22:
  - Add txsocksx and parsley as dependencies in py2exe. Fixes bug #12381.
 
diff --git a/obfsproxy/transports/scramblesuit/scramblesuit.py b/obfsproxy/transports/scramblesuit/scramblesuit.py
index 1479f12..3f93b1d 100644
--- a/obfsproxy/transports/scramblesuit/scramblesuit.py
+++ b/obfsproxy/transports/scramblesuit/scramblesuit.py
@@ -238,6 +238,11 @@ class ScrambleSuitTransport( base.BaseTransport ):
 
         # Conduct an authenticated UniformDH handshake if there's no ticket.
         else:
+            if self.uniformDHSecret is None:
+                log.warning("A UniformDH password is not set, most likely " \
+                            "a missing 'password' argument.")
+                self.circuit.close()
+                return
             log.debug("No session ticket to redeem.  Running UniformDH.")
             self.circuit.downstream.write(self.uniformdh.createHandshake())
 

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [webwml/staging] Update mirrors table
Next by Author: [tor-commits] [stem/master] Using a decorator to support having a default value
Previous by thread: [tor-commits] [metrics-tasks/master] Add graphing code for bandwidth by version (13634).
Next by thread: [tor-commits] [translation/liveusb-creator] Update translations for liveusb-creator
Index(es):
- Author
- Thread