[tor-bugs] #15000 [Tor]: Strings introduced in #8405 should be proper QuotedStrings
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 23 21:24:34 UTC 2015
#15000: Strings introduced in #8405 should be proper QuotedStrings
------------------------+---------------------------------------
Reporter: nickm | Owner:
Type: defect | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.6.x-final
Component: Tor | Version: Tor: 0.2.6.3-alpha
Resolution: | Keywords: tor-controller tor-client
Actual Points: | Parent ID:
Points: |
------------------------+---------------------------------------
Comment (by arthuredelstein):
\r and \n are also potentially problematic for control port clients that
make simplifying assumptions about the response protocol. (I think I'm
guilty of writing one. :P) Maybe tor should reject SOCKS username/password
with any dangerous characters? BTW, is a hostile SOCKS port part of the
threat model?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15000#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list