[tor-bugs] #17634 [Tor Launcher]: By more strict if applying double quotes around passwords
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Nov 18 10:33:09 UTC 2015
#17634: By more strict if applying double quotes around passwords
------------------------------+-------------------
Reporter: gk | Owner: brade
Type: defect | Status: new
Priority: Low | Milestone:
Component: Tor Launcher | Version:
Severity: Minor | Keywords:
Actual Points: | Parent ID:
Points: | Sponsor:
------------------------------+-------------------
When authenticating we handle the control password as follows:
{{{
// Surround non-hex strings with double quotes.
const kIsHexRE = /^[A-Fa-f0-9]*$/;
if (!kIsHexRE.test(pwdArg))
pwdArg = '"' + pwdArg + '"';
}}}
But the spec says `"AUTHENTICATE" [ SP 1*HEXDIG / QuotedString ] CRLF`
and `HEXDIGIT` being `DIGIT / "A" / "B" / "C" / "D" / "E" / "F"` according
to RFC 2234. Thus, we are a bit more lenient than we should be at the
moment.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17634>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list