[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #8405 [Tor]: Provide a control port command to query the circuit used for SOCKS u+p
#8405: Provide a control port command to query the circuit used for SOCKS u+p
-----------------------------+------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: enhancement | Status: needs_revision
Priority: normal | Milestone: Tor: 0.2.6.x-final
Component: Tor | Version:
Resolution: | Keywords: tor-client, mike-0.2.5
Actual Points: | Parent ID: #5752
Points: |
-----------------------------+------------------------------------
Changes (by rransom):
* status: needs_review => needs_revision
Comment:
Replying to [comment:11 arthuredelstein]:
> OK, I've posted a patch based on rransom's approach. Does this seem like
the right thing now? Thanks for your help.
You must not output the SOCKS4 auth string without escaping it. Either
use `esc_for_log_len` (and add it if it hasn't already been added to Tor
somewhere) like I did or use `base16_encode`.
Remember that some people will think that a hex-encoded string is
encrypted. At the very least, be aware that hexifying strings makes it
harder for a human to read the control-port output.
Consider dynamically allocating the hex-encoding buffers for SOCKS5 auth
strings, or at least not allocating a full kilobyte on the stack -- you're
about to `smartlist_add_asprintf` the contents anyway, so 512 bytes of
buffer should be enough.
Remember to update `control-spec.txt` to document at least what is
actually being used by other applications.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8405#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs