Re: [tor-bugs] #29175 [Core Tor/Tor]: Tor 0.3.5.x mishandles empty socks5 auth
#29175: Tor 0.3.5.x mishandles empty socks5 auth
--------------------------------------+------------------------------------
Reporter: arma | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.4.0.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: regression, backport-035 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+------------------------------------
Comment (by yawning):
Rejecting malformed username/password authentication attempts is the
correct behavior.
> {{{ send <Buffer 01 00 00> [00 = zero length username, 00 = zero length
> password] }}}
Both UNAME and PASSWD are explicitly specified as 1 to 255 octets long.
Fix the client library.
See:
* https://tools.ietf.org/html/rfc1929
* https://www.ietf.org/archive/id/draft-thomson-postel-was-wrong-03.txt
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29175#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
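
The length check discussed in the comment above, as an added example that is not part of the original message and is not Tor's code: a strict parser for the RFC 1929 username/password request that rejects the `01 00 00` buffer quoted from the ticket. All function, type and constant names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes; every name in this block is hypothetical, not Tor's. */
enum { AUTH_OK = 0, AUTH_NEED_MORE = 1, AUTH_MALFORMED = -1 };

struct rfc1929_req {
    const uint8_t *uname;  uint8_t ulen;   /* both point into the caller's buffer */
    const uint8_t *passwd; uint8_t plen;
};

/* Parse VER(0x01) ULEN UNAME PLEN PASSWD from buf[0..len).
 * RFC 1929 gives UNAME and PASSWD as 1 to 255 octets, so a zero length
 * byte is rejected as soon as it is seen, before waiting for more data. */
int rfc1929_parse(const uint8_t *buf, size_t len, struct rfc1929_req *out)
{
    if (len < 2) return AUTH_NEED_MORE;
    if (buf[0] != 0x01) return AUTH_MALFORMED;      /* sub-negotiation version */
    size_t ulen = buf[1];
    if (ulen == 0) return AUTH_MALFORMED;           /* empty UNAME */
    if (len < 2 + ulen + 1) return AUTH_NEED_MORE;  /* UNAME and PLEN not all in yet */
    size_t plen = buf[2 + ulen];
    if (plen == 0) return AUTH_MALFORMED;           /* empty PASSWD */
    if (len < 3 + ulen + plen) return AUTH_NEED_MORE;
    out->uname  = buf + 2;         out->ulen = (uint8_t)ulen;
    out->passwd = buf + 3 + ulen;  out->plen = (uint8_t)plen;
    return AUTH_OK;
}

/* First buffer is the one quoted in the ticket; the others are constructed. */
static const uint8_t req_ticket[]  = { 0x01, 0x00, 0x00 };
static const uint8_t req_valid[]   = { 0x01, 0x01, 'u', 0x01, 'p' };
static const uint8_t req_no_pass[] = { 0x01, 0x01, 'u', 0x00 };
static const uint8_t req_partial[] = { 0x01, 0x03, 'a', 'b' };

int main(void)
{
    struct rfc1929_req r;
    printf("ticket buffer:  %d\n", rfc1929_parse(req_ticket, sizeof req_ticket, &r));
    printf("valid request:  %d\n", rfc1929_parse(req_valid, sizeof req_valid, &r));
    printf("empty password: %d\n", rfc1929_parse(req_no_pass, sizeof req_no_pass, &r));
    printf("partial read:   %d\n", rfc1929_parse(req_partial, sizeof req_partial, &r));
    return 0;
}
```

On `AUTH_MALFORMED` a server following RFC 1929 replies with VER `0x01` and a non-zero STATUS, then closes the connection.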