[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #29175 [Core Tor/Tor]: Tor 0.3.5.x mishandles empty socks5 auth
#29175: Tor 0.3.5.x mishandles empty socks5 auth
--------------------------------------+------------------------------------
Reporter: arma | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.4.0.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: regression, backport-035 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+------------------------------------
Comment (by arma):
My proposed fix would be:
{{{
diff --git a/src/core/proto/proto_socks.c b/src/core/proto/proto_socks.c
index 86c656e..8e3cf4a 100644
--- a/src/core/proto/proto_socks.c
+++ b/src/core/proto/proto_socks.c
@@ -451,7 +451,6 @@ parse_socks5_userpass_auth(const uint8_t *raw_data,
socks_re
req->username = tor_memdup_nulterm(username, usernamelen);
req->usernamelen = usernamelen;
- req->got_auth = 1;
}
if (passwordlen && password) {
@@ -459,9 +458,10 @@ parse_socks5_userpass_auth(const uint8_t *raw_data,
socks_r
req->password = tor_memdup_nulterm(password, passwordlen);
req->passwordlen = passwordlen;
- req->got_auth = 1;
}
+ req->got_auth = 1;
+
end:
socks5_client_userpass_auth_free(trunnel_req);
return res;
}}}
But I don't know if that is a *sufficient* fix. Somebody should test it.
:)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29175#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs