[tor-bugs] #1666 [Tor Client]: SOCKS handling should accept (and ignore) password auth.
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Dec 14 20:01:57 UTC 2010
#1666: SOCKS handling should accept (and ignore) password auth.
-------------------------+--------------------------------------------------
Reporter: nickm | Owner: mwenge
Type: enhancement | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.3.x-final
Component: Tor Client | Version:
Keywords: | Parent:
-------------------------+--------------------------------------------------
Comment(by mwenge):
Replying to [comment:8 nickm]:
> > You mean after the method has been negotiated we just clobber the rest
of the packet?
>
> No, I was talking about the part that said,
>
> {{{
> + if (buf->datalen > 2u + usernamelen + 1u + passlen) {
> + log_warn(LD_APP,
> + "socks5: Malformed username/password. Rejecting.");
> + return -1;
> + }
> }}}
>
> I meant to ask whether, after we're done accepting the username and
password, we shouldn't allow the buffer to still ahve more data that we
leave on the buffer? Is the client not allowed to send the connection
request until the server answers the authentication?
Good point - fixed this to permit it.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1666#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list