[tor-bugs] #3683 [Tor Client]: Stream-isolation code does not handle NULs in SOCKS auth fields properly
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu Aug 4 16:07:18 UTC 2011
#3683: Stream-isolation code does not handle NULs in SOCKS auth fields properly
------------------------+---------------------------------------------------
Reporter: rransom | Owner: nickm
Type: defect | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.3.x-final
Component: Tor Client | Version:
Keywords: | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
Changes (by nickm):
* status: new => needs_review
Comment:
Yikes. Glad that never saw production.
Possible fix in branch bug3683 in my public repository.
Should-I-care questions: The memcmp is only data-independent under limited
circumstances: if either input is NULL, or if their lengths vary, it
returns faster than if they are both strings of the same length.
Also, I think that the use of uint8_t for usernamelen/socks_username_len
might be wrong; socks4 authenticators are NUL-terminated IIRC, not length-
extent?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3683#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list