[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #22088 [Core Tor/Tor]: pluggable transport specs need to be more consistent about quoting

Subject: [tor-bugs] #22088 [Core Tor/Tor]: pluggable transport specs need to be more consistent about quoting
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 27 Apr 2017 18:57:21 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 27 Apr 2017 14:57:31 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#22088: pluggable transport specs need to be more consistent about quoting
------------------------------+--------------------------
     Reporter:  catalyst      |      Owner:
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:  tor-spec, pt
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+--------------------------
 There's some inconsistency among the specs (and code doesn't necessarily
 match the specs either) about how pluggable transports quote or escape
 special characters in transport arguments.  See #12930 for additional
 background.

 Proposal:

 * Explicitly disallow whitespace (or control characters for that matter)
 in keys or values of PT arguments.  (No PT does this now that I know of,
 and people with Unix-ish backgrounds are likely to avoid using whitespace
 in this context anyway.)
 * Explicitly disallow `=` and `\` in keys of PT arguments.  (I'm assuming
 PT designers have more flexibility in choosing keys than value encodings,
 but if this poses a problem for someone please speak up.)
 * Allow but discourage `=` in values of PT arguments. (If you encode
 something in base64 or base32, try to truncate the trailing padding.)
 * Allow but discourage `\` in values of PT arguments.
 * Require `\` to be escaped by `\` (in addition to escaping `,`, which is
 already required) in `SMETHOD ARGS` and `transport` lines of `extra-info`
 documents. (Almost everywhere else I've seen that uses `\` for escaping
 also requires that `\` itself be escaped, and it's closer to what people
 already expect. goptlib already implemented this despite it not being
 specified in `pt-spec.txt`)
 * Do not require `=` to be escaped by `\` in `SMETHOD ARGS` and
 `transport` lines of `extra-info` documents.
 * Do not require any PT argument characters to be escaped in BridgeDB
 output or `Bridge` lines in `torrc`.  (Any `\` characters stand for
 themselves.  This requires the fewest changes to existing `tor` code.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22088>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #22088 [Obfuscation/Pluggable transport]: pluggable transport specs need to be more consistent about quoting
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #22088 [Obfuscation/Pluggable transport]: pluggable transport specs need to be more consistent about quoting
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #22088 [Obfuscation/Pluggable transport]: pluggable transport specs need to be more consistent about quoting
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #22088 [Core Tor/Tor]: pluggable transport specs need to be more consistent about quoting
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #21967 [Core Tor/Tor]: obfs4proxy not killed when unused
Next by Author: [tor-bugs] #22038 [Applications/Tor Browser Sandbox]: Stub out `pa_start_child_for_read`.
Previous by thread: Re: [tor-bugs] #22087 [Applications/Tor Browser]: emoji not display correctly
Next by thread: Re: [tor-bugs] #22088 [Core Tor/Tor]: pluggable transport specs need to be more consistent about quoting
Index(es):
- Author
- Thread