[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #8879 [Tor]: Tor's socks5 handshake with username/password auth doesn't follow the protocol spec, and pidgin notices



#8879: Tor's socks5 handshake with username/password auth doesn't follow the
protocol spec, and pidgin notices
------------------------+---------------------------------------------------
 Reporter:  arma        |          Owner:                    
     Type:  defect      |         Status:  needs_review      
 Priority:  normal      |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor         |        Version:                    
 Keywords:  tor-client  |         Parent:                    
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------
Changes (by arma):

  * status:  new => needs_review


Comment:

 http://tools.ietf.org/html/rfc1929 confirms "The VER field contains the
 current version of the subnegotiation, which is X'01'."

 See my bug8879 branch for a fix.

 (Backporting is probably inappropriate so long as the #8117 fix doesn't
 get backported. Then again, this fix is independent of that bug wrt
 applications that offer *only* username+password auth, and do not offer
 no-auth. Still, 0.2.3 has lasted this long without a fix, and it will last
 longer.)

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8879#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs