[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #22123 [Core Tor/Tor]: baseXX API strictness
#22123: baseXX API strictness
------------------------------+--------------------
Reporter: catalyst | Owner:
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID: #19531
Points: | Reviewer:
Sponsor: |
------------------------------+--------------------
We should think about how strict to make decoders for our baseXX APIs. In
some situations, it improves security to only have a single canonical
encoding for any particular value. We should see where this is true in
our code.
== Base16 ==
* case sensitivity (currently case-insensitive)
== Base32 ==
* case sensitivity (currently case-insensitive -- also the standard
default is uppercase and we use lowercase)
* padding strictness (currently no padding at all, even with odd lengths?)
* trailing bits strictness (in an odd-length decode, there might be
leftover bits in the final non-padding character. for a canonical
encoding, they should all be zero)
== Base64 ==
* padding strictness
* padding `=` characters only at end (currently any padding characters
terminate decoding)
* correct number of padding characters (currently not checked)
* whitespace? (maybe only if explicitly allowed?) currently we allow any
whitespace
* trailing bits strictness (in an odd-length decode, there might be
leftover bits in the final non-padding character. for a canonical
encoding, they should all be zero)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22123>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs