[tor-bugs] #1666 [Tor Client]: SOCKS handling should accept (and ignore) password auth.

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Sun Oct 17 13:19:59 UTC 2010


#1666: SOCKS handling should accept (and ignore) password auth.
-------------------------+--------------------------------------------------
 Reporter:  nickm        |       Owner:  mwenge      
     Type:  enhancement  |      Status:  needs_review
 Priority:  minor        |   Milestone:              
Component:  Tor Client   |     Version:              
 Keywords:               |      Parent:              
-------------------------+--------------------------------------------------

Comment(by mwenge):

 Replying to [comment:6 nickm]:
 > Also, sadly, this code is going to need some light refactoring to work
 now that we've merged the bufferevents branch.  It's worth doing, since we
 want to also port those &@# unit tests.
 >
 Done.
 > It looks like a config_register_addressmaps change leaked into this
 patch; see config.h and config.c.
 >
 I need to expose config_register_addressmaps for the unit tests.

 > Also, it looks like the new parsing code doesn't actually make sure that
 the username/password stuff appears as the *second* thing the client says.
 We should make sure we check for that.

 Done.

 >
 > Also, is it really disallowed for the client to start writing data
 before the socks handshake is done?  What's the harm in allowing extra
 data?
 You mean after the method has been negotiated we just clobber the rest of
 the packet?
 {{{
         /* remove packet from buf. also remove any other extraneous
          * bytes, to support broken socks clients. */
         *drain_out = -1;
 }}}

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1666#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list