[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #6297 [Tor Client]: SOCKS issues with bitcoin in .2.3.18-rc vs .2.2.37

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #6297 [Tor Client]: SOCKS issues with bitcoin in .2.3.18-rc vs .2.2.37
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Fri, 06 Jul 2012 01:26:00 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 05 Jul 2012 21:25:32 -0400
In-reply-to: <051.d7b4d7dc6c096425498bd37173053add@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <051.d7b4d7dc6c096425498bd37173053add@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#6297: SOCKS issues with bitcoin in .2.3.18-rc vs .2.2.37
-------------------------+--------------------------------------------------
 Reporter:  jrmithdobbs  |          Owner:                  
     Type:  defect       |         Status:  needs_revision  
 Priority:  normal       |      Milestone:                  
Component:  Tor Client   |        Version:  Tor: 0.2.3.18-rc
 Keywords:               |         Parent:                  
   Points:               |   Actualpoints:                  
-------------------------+--------------------------------------------------

Comment(by jrmithdobbs):

 No, you're definitely correct that the .2.2 behavior is bad. The "general
 failure" i'm referring to is the socks 0x01 error sent after parsing the
 connect request. (with 0x00 appended in the buffer)

 I'm just a little concerned that appended data in the auth proposal is
 parsed at all.

 For instance: Openssh appears to do extra checking during the socks
 handshake and will send an error if there's appended data in that auth
 negotiation packet. This makes sense to me as if you still have data after
 finishing parsing the auth proposal there's no valid reason for it as the
 protocol requires a response from the server before continuing.

 Couldn't this have security implications under certain uses of SocksPort
 that aren't over loopback?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6297#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #6297 [Tor Client]: SOCKS issues with bitcoin in .2.3.18-rc vs .2.2.37
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #6315 [TorBirdy]: prevent leak via Message-ID header field (local timestamp disclosure)
Next by Author: Re: [tor-bugs] #6297 [Tor Client]: SOCKS issues with bitcoin in .2.3.18-rc vs .2.2.37
Previous by thread: Re: [tor-bugs] #6297 [Tor Client]: SOCKS issues with bitcoin in .2.3.18-rc vs .2.2.37
Next by thread: Re: [tor-bugs] #6297 [Tor Client]: SOCKS issues with bitcoin in .2.3.18-rc vs .2.2.37
Index(es):
- Author
- Thread