#4600: Spec doesn't mention password quotes
-----------------------+----------------------------------------------------
Reporter: atagar | Owner:
Type: defect | Status: new
Priority: trivial | Milestone:
Component: Tor Relay | Version:
Keywords: easy | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
Section 5.1 of the control-spec [1] provides a nice description of
authentication, but doesn't mention how to handle quotes in the password.
Unsurprisingly controllers are expected to provide escaped quotes...
<pre>
atagar@morrigan:~$ tor --hash-password "this has a \" in it"
16:E6DC1BCEDF55EDCA607ADDB8781795772E42AAC75F7B7630B6227232E4
atagar@morrigan:~$ telnet localhost 9051
Connected to localhost.
AUTHENTICATE "this has a \" in it"
250 OK
</pre>
I'm gonna guess that only quotes should be escaped by controllers.
I've been finding it a little frustrating to figure out when and what
escaping is expected so I'm generally working from the assumption that I
should ignore escaping unless specifically called out by the spec (like it
is for authentication cookie paths, though that wasn't enough to work from
alone [2]).
Cheers! -Damian
[1] https://gitweb.torproject.org/torspec.git/blob/HEAD:/control-
spec.txt#l1924
[2] https://gitweb.torproject.org/stem.git/blob/HEAD:/stem/socket.py#l54
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4600>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs