[tor-bugs] #1666 [Tor Client]: SOCKS handling should accept (and ignore) password auth.

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue Jul 12 14:00:01 UTC 2011


#1666: SOCKS handling should accept (and ignore) password auth.
-------------------------+--------------------------------------------------
 Reporter:  nickm        |          Owner:  mwenge            
     Type:  enhancement  |         Status:  needs_review      
 Priority:  normal       |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Client   |        Version:                    
 Keywords:               |         Parent:                    
   Points:               |   Actualpoints:                    
-------------------------+--------------------------------------------------

Comment(by nickm):

 On the looping issue -- I think it's probably easier to clean up the code
 than to convince ourselves that the existing code is right.  Probably the
 easiest fix is to just add the check for what we _want_ to have happen:
 that every time we go through the loop, we had better make progress: we
 should either drain something, or pass more data to parse_socks than we
 did the last time, or we may be in an infinite loop.

 On parse_socks(): Yeah, that logic was convoluted.  It's been yucky for
 years.  Perhaps it's time to refactor once this stuff is merged.  It seems
 that req->socks_version gets set when we are done parsing the first part
 of the socks request.  If that's socks4, the request is all of one piece,
 and we're done.  If it's socks5 and we're using anything other than
 SOCKS_NO_AUTH then we need to parse the authentication.  Once that's done,
 we set got_auth.

 So, once req->socks_version == 5 && req->got_auth, we have negotiated
 socks v5 with username/password authentication and parsed the
 authentication, but (if we're not done yet) we haven't parsed the actual
 command part of the request yet.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1666#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
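
Added example, not Tor's code and not part of the ticket: a staged SOCKS5 parser driven by a loop that enforces the progress rule from the comment (each pass must either drain bytes or hand the parser more data than last time). Assumptions: req_t, parse_step and fetch_socks are hypothetical names, username/password auth is taken as already negotiated, and SOCKS4 and non-IPv4 requests are rejected for brevity.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical state; the two field names echo the ticket, the rest is assumed. */
typedef struct { int socks_version, got_auth, done; } req_t;

/* Parse one stage of buf. Returns bytes drained, 0 for "need more", -1 if malformed. */
static int parse_step(req_t *r, const uint8_t *b, size_t len) {
  if (!r->socks_version) {            /* greeting: VER NMETHODS METHODS... */
    if (len < 2) return 0;
    if (b[0] != 5) return -1;         /* SOCKS4 is not handled in this sketch */
    if (len < 2u + b[1]) return 0;
    r->socks_version = 5;
    return 2 + b[1];
  }
  if (!r->got_auth) {                 /* RFC 1929: VER ULEN UNAME PLEN PASSWD */
    if (len < 2) return 0;
    if (b[0] != 1) return -1;
    size_t ulen = b[1];
    if (len < 3 + ulen) return 0;
    size_t plen = b[2 + ulen];
    if (len < 3 + ulen + plen) return 0;
    r->got_auth = 1;                  /* credentials are accepted and ignored */
    return (int)(3 + ulen + plen);
  }
  if (len < 10) return 0;             /* request: VER CMD RSV ATYP=1 ADDR[4] PORT[2] */
  if (b[0] != 5 || b[3] != 1) return -1;
  r->done = 1;
  return 10;
}

/* Drive parse_step over `in`, revealing `chunk` more bytes whenever it needs more.
 * Returns 1 done, 0 input exhausted, -1 malformed, -2 progress guard tripped. */
int fetch_socks(req_t *r, const uint8_t *in, size_t total, size_t chunk) {
  size_t start = 0, avail = 0, last_len = 0;
  int drained = 1;                    /* lets the first pass through the guard */
  for (;;) {
    size_t len = avail - start;
    if (!drained && len <= last_len) return -2;   /* no drain, no new data */
    last_len = len;
    int n = parse_step(r, in + start, len);
    if (n < 0) return -1;
    drained = n > 0;
    start += (size_t)n;
    if (r->done) return 1;
    if (!drained) {
      if (avail == total) return 0;
      avail += (total - avail < chunk) ? total - avail : chunk;
    }
  }
}
```

Passing chunk = 0 simulates a read that never delivers data, which is the case the guard turns from a spin into an error return.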

