Re: [tor-bugs] #17634 [Tor Launcher]: By more strict if applying double quotes around passwords
#17634: By more strict if applying double quotes around passwords
--------------------------+-----------------------
 Reporter:  gk            |          Owner:  brade
     Type:  defect        |         Status:  new
 Priority:  Low           |      Milestone:
Component:  Tor Launcher  |        Version:
 Severity:  Minor         |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
  Sponsor:                |
--------------------------+-----------------------
Description changed by gk:
Old description:
> When authenticating we handle the control password as follows:
> {{{
> // Surround non-hex strings with double quotes.
> const kIsHexRE = /^[A-Fa-f0-9]*$/;
> if (!kIsHexRE.test(pwdArg))
>   pwdArg = '"' + pwdArg + '"';
> }}}
> But the spec says `"AUTHENTICATE" [ SP 1*HEXDIG / QuotedString ] CRLF`
> and `HEXDIGIT` being `DIGIT / "A" / "B" / "C" / "D" / "E" / "F"`
> according to RFC 2234. Thus, we are a bit more lenient than we should be
> at the moment.
New description:
When authenticating we handle the control password as follows:
{{{
// Surround non-hex strings with double quotes.
const kIsHexRE = /^[A-Fa-f0-9]*$/;
if (!kIsHexRE.test(pwdArg))
  pwdArg = '"' + pwdArg + '"';
}}}
But the spec says `"AUTHENTICATE" [ SP 1*HEXDIG / QuotedString ] CRLF`
and `HEXDIG` being `DIGIT / "A" / "B" / "C" / "D" / "E" / "F"` according
to RFC 2234. Thus, we are a bit more lenient than we should be at the
moment.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17634#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
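
A stricter formatter for the `AUTHENTICATE` argument, next to the check quoted in the ticket. This is an added example, not part of the ticket or of Tor Launcher's code. Assumptions: all function names are hypothetical, QuotedString is taken to use backslash escapes, and CR/LF in a password is refused.

```javascript
// Added example; formatAuthArg, buildAuthenticate, originalAuthArg and
// differingInputs are hypothetical names, not Tor Launcher functions.

// The check quoted in the ticket, wrapped in a function for comparison.
function originalAuthArg(pwdArg) {
  const kIsHexRE = /^[A-Fa-f0-9]*$/;   // "*" also matches the empty string
  if (!kIsHexRE.test(pwdArg))
    pwdArg = '"' + pwdArg + '"';
  return pwdArg;
}

// 1*HEXDIG: at least one hex digit is required for the unquoted form.
const kStrictHexRE = /^[0-9A-Fa-f]+$/;

function formatAuthArg(pwd) {
  if (typeof pwd !== "string")
    throw new TypeError("password must be a string");
  // Assumption: a CR or LF would end the command line early, so refuse it.
  if (/[\r\n]/.test(pwd))
    throw new Error("password must not contain CR or LF");
  // A hex value is case-insensitive; upper-casing emits only the HEXDIG
  // characters listed in the ticket without changing the decoded bytes.
  if (kStrictHexRE.test(pwd))
    return pwd.toUpperCase();
  // Assumption: QuotedString uses backslash escapes for '\' and '"'.
  return '"' + pwd.replace(/[\\"]/g, "\\$&") + '"';
}

function buildAuthenticate(pwd) {
  return "AUTHENTICATE " + formatAuthArg(pwd) + "\r\n";
}

// Returns the samples for which the two formatters disagree.
function differingInputs(samples) {
  return samples.filter(s => originalAuthArg(s) !== formatAuthArg(s));
}

// Constructed sample passwords, not taken from any real configuration.
const kSamples = ["", "DEADBEEF", "deadbeef", "secret", 'a"b'];
console.log(differingInputs(kSamples));
```

The empty string is the case where the `*` quantifier matters: the original check leaves it unquoted, while the stricter one sends an empty QuotedString.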