[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #15000 [Tor]: Strings introduced in #8405 should be proper QuotedStrings



#15000: Strings introduced in #8405 should be proper QuotedStrings
------------------------+---------------------------------------
     Reporter:  nickm   |      Owner:
         Type:  defect  |     Status:  needs_review
     Priority:  normal  |  Milestone:  Tor: 0.2.6.x-final
    Component:  Tor     |    Version:  Tor: 0.2.6.3-alpha
   Resolution:          |   Keywords:  tor-controller tor-client
Actual Points:          |  Parent ID:
       Points:          |
------------------------+---------------------------------------

Comment (by arthuredelstein):

 \r and \n are also potentially problematic for control port clients that
 make simplifying assumptions about the response protocol. (I think I'm
 guilty of writing one. :P) Maybe tor should reject SOCKS username/password
 with any dangerous characters? BTW, is a hostile SOCKS port part of the
 threat model?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15000#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs