[tor-bugs] #1666 [Tor Client]: SOCKS handling should accept (and ignore) password auth.
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Jul 12 14:00:01 UTC 2011
#1666: SOCKS handling should accept (and ignore) password auth.
-------------------------+--------------------------------------------------
Reporter: nickm | Owner: mwenge
Type: enhancement | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.3.x-final
Component: Tor Client | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by nickm):
On the looping issue -- I think it's probably easier to clean up the code
than to convince ourselves that the existing code is right. Probably the
easiest fix is to just add the check for what we _want_ to have happen:
that every time we go through the loop, we had better make progress: we
should either drain something, or pass more data to parse_socks than we
did the last time, or we may be in an infinite loop.
On parse_socks(): Yeah, that logic was convoluted. It's been yucky for
years. Perhaps it's time to refactor once this stuff is merged. It seems
that req->socks_version gets set when we are done parsing the first part
of the socks request. If that's socks4, the request is all of one piece,
and we're done. If it's socks5 and we're using anything other than
SOCKS_NO_AUTH then we need to parse the authentication. Once that's done,
we set got_auth.
So, once req->socks_version == 5 && req->got_auth, we have negotiated
socks v5 with username/password authentication and parsed the
authentication, but (if we're not done yet) we haven't parsed the actual
command part of the request yet.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1666#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list