[tor-bugs] #1666 [Tor Client]: SOCKS handling should accept (and ignore) password auth.
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sun Oct 17 15:53:36 UTC 2010
#1666: SOCKS handling should accept (and ignore) password auth.
-------------------------+--------------------------------------------------
Reporter: nickm | Owner: mwenge
Type: enhancement | Status: needs_review
Priority: minor | Milestone:
Component: Tor Client | Version:
Keywords: | Parent:
-------------------------+--------------------------------------------------
Comment(by nickm):
> You mean after the method has been negotiated we just clobber the rest
of the packet?
No, I was talking about the part that said,
{{{
+ if (buf->datalen > 2u + usernamelen + 1u + passlen) {
+ log_warn(LD_APP,
+ "socks5: Malformed username/password. Rejecting.");
+ return -1;
+ }
}}}
I meant to ask whether, after we're done accepting the username and
password, we shouldn't allow the buffer to still ahve more data that we
leave on the buffer? Is the client not allowed to send the connection
request until the server answers the authentication?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1666#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list