[tor-bugs] #1666 [Tor Client]: SOCKS handling should accept (and ignore) password auth.
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed Jun 29 21:50:26 UTC 2011
#1666: SOCKS handling should accept (and ignore) password auth.
-------------------------+--------------------------------------------------
Reporter: nickm | Owner: mwenge
Type: enhancement | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.3.x-final
Component: Tor Client | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by nickm):
Let's get this merged!
For changes please see my new branch "bug1666" in my public repository,
based on Robert's branch above.
I think that the want_length_out computations in parse_socks() are
suspicious. I've fixed these (I think) in 1ed615ded7db0765e.
The big list of tests makes me quite happy. I refactored them into a test
suite of their own. Previously, some of the subtests were only passing
because of state that was already set in the socks_request_t; I fixed
that.
I think that the current code is incorrect in how it getting a message
that starts with 0x01. Right now, if we have negotiated socks5, then it
accepts username/password auth. But it does this potentially infinitely
many times, and it also does it if we have not negotiated
username/password auth! I think that we should be more strict here. My
aec396d might fix that.
In 2e6604f4 I added code to record the username/password; we'll need that.
In 05c424 I changed the calling convention for fetch_from_buf_socks to
more closely match fetch_from_evbuffer socks.
This probably needs another review now, and maybe a little more testing.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1666#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list