[tor-bugs] #8879 [Tor]: Tor's socks5 handshake with username/password auth doesn't follow the protocol spec, and pidgin notices
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed May 15 07:38:30 UTC 2013
#8879: Tor's socks5 handshake with username/password auth doesn't follow the
protocol spec, and pidgin notices
------------------------+---------------------------------------------------
Reporter: arma | Owner:
Type: defect | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.4.x-final
Component: Tor | Version:
Keywords: tor-client | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
Changes (by arma):
* status: new => needs_review
Comment:
http://tools.ietf.org/html/rfc1929 confirms "The VER field contains the
current version of the subnegotiation, which is X'01'."
See my bug8879 branch for a fix.
(Backporting is probably inappropriate so long as the #8117 fix doesn't
get backported. Then again, this fix is independent of that bug wrt
applications that offer *only* username+password auth, and do not offer
no-auth. Still, 0.2.3 has lasted this long without a fix, and it will last
longer.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8879#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list