[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #1666 [Tor Client]: SOCKS handling should accept (and ignore) password auth.

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #1666 [Tor Client]: SOCKS handling should accept (and ignore) password auth.
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Tue, 14 Dec 2010 20:01:57 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 14 Dec 2010 15:02:08 -0500
In-reply-to: <045.7219aac67e5dbe64a99b03de12ac79f6@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bugs reporting list for trac <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <045.7219aac67e5dbe64a99b03de12ac79f6@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#1666: SOCKS handling should accept (and ignore) password auth.
-------------------------+--------------------------------------------------
 Reporter:  nickm        |       Owner:  mwenge            
     Type:  enhancement  |      Status:  needs_review      
 Priority:  normal       |   Milestone:  Tor: 0.2.3.x-final
Component:  Tor Client   |     Version:                    
 Keywords:               |      Parent:                    
-------------------------+--------------------------------------------------

Comment(by mwenge):

 Replying to [comment:8 nickm]:
 > > You mean after the method has been negotiated we just clobber the rest
 of the packet?
 >
 > No, I was talking about the part that said,
 >
 > {{{
 > +      if (buf->datalen > 2u + usernamelen + 1u + passlen) {
 > +        log_warn(LD_APP,
 > +                 "socks5: Malformed username/password. Rejecting.");
 > +        return -1;
 > +      }
 > }}}
 >
 > I meant to ask whether, after we're done accepting the username and
 password, we shouldn't allow the buffer to still ahve more data that we
 leave on the buffer?  Is the client not allowed to send the connection
 request until the server answers the authentication?

 Good point - fixed this to permit it.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1666#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #933 [Tor Client]: MapAddress for domains?
Next by Author: [tor-bugs] #2290 [BridgeDB]: error
Previous by thread: Re: [tor-bugs] #2053 [BridgeDB]: Investigate why it looks like there at most 500 bridges
Next by thread: Re: [tor-bugs] #1666 [Tor Client]: SOCKS handling should accept (and ignore) password auth.
Index(es):
- Author
- Thread