[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #19206 [Applications/Tor Browser]: SOCKS isolation should include a process identifier.



#19206: SOCKS isolation should include a process identifier.
--------------------------------------+--------------------------------
 Reporter:  yawning                   |          Owner:  tbb-team
     Type:  enhancement               |         Status:  needs_revision
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  TorBrowserTeam201606R     |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------------
Changes (by arthuredelstein):

 * status:  needs_review => needs_revision


Comment:

 {{{
 function Nonce() {
 }}}

 My inclination for the sake of simplicity would be to drop the increment
 part and just make nonce() a simple function that returns a hex string.

 {{{
   // Hexlify the tag.
   for (var i = 0; i < tag.length; i++)
     hexTag += tag[i].toString(16);
 }}}

 This code drops the leading zero for octets with value < 16. Doesn't
 affect entropy much, but would probably be nice to behave as expected.
 Also I generally prefer `let` to `var`.

 {{{
 // Per-domain noncces are stored in a map, so simply regenerate.
 }}}

 Typo.

 Generally, we would precede the subject line for these two patches with
 "Bug 19206: ", because it makes sorting/searching easy.

 Otherwise these patches look good to me.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19206#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs