[tor-bugs] #10148 [Obfsproxy]: Scramblesuit doesn't handle base32 decoded shared secrets properly
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Nov 13 08:16:38 UTC 2013
#10148: Scramblesuit doesn't handle base32 decoded shared secrets properly
-----------------------------+----------------------
Reporter: isis | Owner: isis
Type: defect | Status: new
Priority: normal | Milestone:
Component: Obfsproxy | Version:
Keywords: pt,scramblesuit | Actual Points:
Parent ID: | Points:
-----------------------------+----------------------
Using a uniform DH shared secret passphrase of
`93edd2b39b06115b38778e5447be6171d34cf63cc0e083db91fca9ce7fe920fa`, I get
the following unhandled exception in my scramblesuit logfile:
{{{
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/obfsproxy-0.2
.3_14_g4acf4da-py2.7.egg/obfsproxy/pyobfsproxy.py", line 158, in run
pyobfsproxy()
File "/usr/local/lib/python2.7/dist-packages/obfsproxy-0.2
.3_14_g4acf4da-py2.7.egg/obfsproxy/pyobfsproxy.py", line 137, in
pyobfsproxy
if (args.validation_function(args) == False):
File "/usr/local/lib/python2.7/dist-packages/obfsproxy-0.2
.3_14_g4acf4da-
py2.7.egg/obfsproxy/transports/scramblesuit/scramblesuit.py", line 534, in
validate_external_mode_cli
rawLength = len(base64.b32decode(args.uniformDHSecret))
File "/usr/lib/python2.7/base64.py", line 196, in b32decode
quanta, leftover = divmod(len(s), 8)
TypeError: object of type 'NoneType' has no len()
}}}
Scramblesuit should probably at least catch the case where
`base64.b32decode` returns None, and the case where it raises `TypeError`s
due to "invalid padding".
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10148>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list