Pier Angelo Vendrame pushed to branch tor-browser-151.0a1-16.0-1 at The Tor Project / Applications / Tor Browser
Commits:
-
3bc02e6b
by Pier Angelo Vendrame at 2026-05-26T16:54:01+02:00
2 changed files:
- toolkit/components/tor-launcher/TorControlPort.sys.mjs
- toolkit/components/tor-launcher/TorProvider.sys.mjs
Changes:
| ... | ... | @@ -672,6 +672,8 @@ export class TorController { |
| 672 | 672 | /**
|
| 673 | 673 | * Authenticate to the tor daemon.
|
| 674 | 674 | * Notice that a failure in the authentication makes the connection close.
|
| 675 | + * This function tolerates empty and false-ish passwords because a client
|
|
| 676 | + * needs to authenticate even when all authentication methods are disabled.
|
|
| 675 | 677 | *
|
| 676 | 678 | * @param {Uint8Array} password The password for the control port, as an array
|
| 677 | 679 | * of bytes
|
| ... | ... | @@ -680,7 +682,11 @@ export class TorController { |
| 680 | 682 | const passwordString = Array.from(password ?? [], b =>
|
| 681 | 683 | b.toString(16).padStart(2, "0")
|
| 682 | 684 | ).join("");
|
| 683 | - await this.#sendCommandSimple(`authenticate ${passwordString}`);
|
|
| 685 | + let command = "AUTHENTICATE";
|
|
| 686 | + if (passwordString) {
|
|
| 687 | + command += ` ${passwordString}`;
|
|
| 688 | + }
|
|
| 689 | + await this.#sendCommandSimple(command);
|
|
| 684 | 690 | }
|
| 685 | 691 | |
| 686 | 692 | // Information
|
| ... | ... | @@ -834,6 +834,9 @@ export class TorProvider extends TorProviderBase { |
| 834 | 834 | this.#controlPortSettings.cookieFilePath
|
| 835 | 835 | );
|
| 836 | 836 | }
|
| 837 | + // As per the spec, we must always authenticate to the control port, even
|
|
| 838 | + // when all authentication methods are disabled.
|
|
| 839 | + // https://spec.torproject.org/control-spec/commands.html#authenticate
|
|
| 837 | 840 | await controlPort.authenticate(password);
|
| 838 | 841 | } catch (e) {
|
| 839 | 842 | try {
|