[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #6297 [Tor Client]: SOCKS issues with bitcoin in .2.3.18-rc vs .2.2.37
#6297: SOCKS issues with bitcoin in .2.3.18-rc vs .2.2.37
-------------------------+--------------------------------------------------
Reporter: jrmithdobbs | Owner:
Type: defect | Status: needs_revision
Priority: normal | Milestone:
Component: Tor Client | Version: Tor: 0.2.3.18-rc
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by jrmithdobbs):
No, you're definitely correct that the .2.2 behavior is bad. The "general
failure" i'm referring to is the socks 0x01 error sent after parsing the
connect request. (with 0x00 appended in the buffer)
I'm just a little concerned that appended data in the auth proposal is
parsed at all.
For instance: Openssh appears to do extra checking during the socks
handshake and will send an error if there's appended data in that auth
negotiation packet. This makes sense to me as if you still have data after
finishing parsing the auth proposal there's no valid reason for it as the
protocol requires a response from the server before continuing.
Couldn't this have security implications under certain uses of SocksPort
that aren't over loopback?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6297#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs