[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #17634 [Tor Launcher]: By more strict if applying double quotes around passwords

Subject: [tor-bugs] #17634 [Tor Launcher]: By more strict if applying double quotes around passwords
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 18 Nov 2015 10:33:09 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 18 Nov 2015 05:33:20 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#17634: By more strict if applying double quotes around passwords
------------------------------+-------------------
     Reporter:  gk            |      Owner:  brade
         Type:  defect        |     Status:  new
     Priority:  Low           |  Milestone:
    Component:  Tor Launcher  |    Version:
     Severity:  Minor         |   Keywords:
Actual Points:                |  Parent ID:
       Points:                |    Sponsor:
------------------------------+-------------------
 When authenticating we handle the control password as follows:
 {{{
 // Surround non-hex strings with double quotes.
 const kIsHexRE = /^[A-Fa-f0-9]*$/;
 if (!kIsHexRE.test(pwdArg))
 pwdArg = '"' + pwdArg + '"';
 }}}
 But the spec says `"AUTHENTICATE" [ SP 1*HEXDIG / QuotedString ] CRLF`
 and `HEXDIGIT` being `DIGIT / "A" / "B" / "C" / "D" / "E" / "F"` according
 to RFC 2234. Thus, we are a bit more lenient than we should be at the
 moment.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17634>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #17634 [Tor Launcher]: By more strict if applying double quotes around passwords
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #17634 [Tor Launcher]: Be more strict if applying double quotes around passwords (was: By more strict if applying double quotes around passwords)
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #17634 [Tor Launcher]: Be more strict if applying double quotes around passwords
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #17634 [Tor Launcher]: Be more strict if applying double quotes around passwords
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #17634 [Tor Launcher]: Be more strict if applying double quotes around passwords
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #17634 [Tor Launcher]: Be more strict if applying double quotes around passwords
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #17634 [Tor Launcher]: Be more strict if applying double quotes around passwords
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #17634 [Tor Launcher]: Be more strict if applying double quotes around passwords
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #17631 [Chutney]: chutney fails on systems with python2, but no python
Next by Author: Re: [tor-bugs] #17624 [Tor]: Extend NEWNYM to also clear rendezvous caches and rendezvous connections
Previous by thread: Re: [tor-bugs] #17633 [Tor Sysadmin Team]: get ipv6 at all the rethem VMs
Next by thread: Re: [tor-bugs] #17634 [Tor Launcher]: By more strict if applying double quotes around passwords
Index(es):
- Author
- Thread