[tor-bugs] #4600 [Tor Relay]: Spec doesn't mention password quotes

Tue Nov 29 17:55:48 UTC 2011

#4600: Spec doesn't mention password quotes
-----------------------+----------------------------------------------------
 Reporter:  atagar     |          Owner:     
     Type:  defect     |         Status:  new
 Priority:  trivial    |      Milestone:     
Component:  Tor Relay  |        Version:     
 Keywords:  easy       |         Parent:     
   Points:             |   Actualpoints:     
-----------------------+----------------------------------------------------
 Section 5.1 of the control-spec [1] provides a nice description of
 authentication, but doesn't mention how to handle quotes in the password.
 Unsurprisingly controllers are expected to provide escaped quotes...

 <pre>
 atagar at morrigan:~$ tor --hash-password "this has a \" in it"
   16:E6DC1BCEDF55EDCA607ADDB8781795772E42AAC75F7B7630B6227232E4

 atagar at morrigan:~$ telnet localhost 9051
   Connected to localhost.
   AUTHENTICATE "this has a \" in it"
   250 OK
 </pre>

 I'm gonna guess that only quotes should be escaped by controllers.

 I've been finding it a little frustrating to figure out when and what
 escaping is expected so I'm generally working from the assumption that I
 should ignore escaping unless specifically called out by the spec (like it
 is for authentication cookie paths, though that wasn't enough to work from
 alone [2]).

 Cheers! -Damian

 [1] https://gitweb.torproject.org/torspec.git/blob/HEAD:/control-
 spec.txt#l1924
 [2] https://gitweb.torproject.org/stem.git/blob/HEAD:/stem/socket.py#l54

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4600>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online