[tor-bugs] #13202 [Tor]: Figure out a way to deal with bridges missing arguments.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Sep 21 06:56:17 UTC 2014
#13202: Figure out a way to deal with bridges missing arguments.
-------------------------+-----------------------------------------
Reporter: yawning | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor | Version: Tor: unspecified
Resolution: | Keywords: bridgedb-dist, scramblesuit
Actual Points: | Parent ID:
Points: |
-------------------------+-----------------------------------------
Comment (by yawning):
Replying to [comment:1 isis]:
> Perhaps obfsproxy/scramblesuit should check the Tor version when being
called, and if there were an easy way for PTs to specify a set of Tor
version which are compatible, then it could alert the bridge operator if
the version is incompatible.
In the hindsight is 20/20 department, we don't have anything like
`TOR_VERSION` in the pt environment space, although that would be a great
thing to add. I'm not fundamentally opposed to this, but this approach
still leaves the problem of people running old tor/obfsproxy/obfs4proxy
still publishing busted extrainfo documents.
Beyond the little-t tor changes required here (which would be quite
trivial), this approach would also require changes to our pt code (and
breaking working configs because they happened to upgrade the pt and not
tor may be kind of rude).
> In the meantime, BridgeDB could have some temporary logic to not use
scramblesuit transports which do not have passwords, since these are
already deployed and there's not much we could do to fix them.
That would be excellent (obfs4 will more than likely have the same
problem).
For the record (yes I know it's unlikely to happen, just documenting it),
a hypothetical maint-0.2.4 patch would be along the lines of adding:
{{{
if (smartlist_len(items) > 3) {
log_warn(LD_CONFIG, "Server managed proxy sent us a SMETHOD line "
"with too many arguments.");
goto err;
}
}}}
This approach still would require filtering changes to BridgeDB for people
that do not upgrade, but requires no pt side changes and won't break
current 0.2.5.x configs that upgrade the pt but not tor (like changing
ScrambleSuit/obfs4 to require a `TOR_VERSION` being set would).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13202#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list