[tor-bugs] #18330 [Tor Launcher]: Tor Launcher only accepts HEXDIGIT passwords for controller

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Feb 17 15:19:25 UTC 2016 

#18330: Tor Launcher only accepts HEXDIGIT passwords for controller
--------------------------+-----------------------
 Reporter:  gk            |          Owner:  brade
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:
Component:  Tor Launcher  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
  Sponsor:                |
--------------------------+-----------------------
Description changed by gk:

Old description:

> We currently give the advice to double quute the password for the Tor
> controller in the start-tor-browser script which seems to be a good thing
> given the trouble with quoting correctly. But this does not work (I
> wonder if it actually ever worked). The problem is that Tor Launcher is
> expecting a `HEXDIGIT` password. Using `deadbeef` is fine but
> {{{
> password[i] = parseInt(aHexPassword.substr(i * 2, 2), 16);
> }}}
> does not like things like `test` or {{{"`test"`}}} and is e.g. reporting
> for the former `NaN, NaN` which breaks the hashed control password option
> (the argument `aHexPassword` is spoiling the bug hunt a bit but I was not
> affected by it :) ). That in turn breaks the authentication and Tor
> Browser won't start.

New description:

 We currently give the advice to double quote the password for the Tor
 controller in the start-tor-browser script which seems to be a good thing
 given the trouble with quoting correctly. But this does not work (I wonder
 if it actually ever worked). The problem is that Tor Launcher is expecting
 a `HEXDIGIT` password. Using `deadbeef` is fine but
 {{{
 password[i] = parseInt(aHexPassword.substr(i * 2, 2), 16);
 }}}
 does not like things like `test` or {{{'"test"'}}} and is e.g. reporting
 for the former `NaN, NaN` which breaks the hashed control password option
 (the argument `aHexPassword` is spoiling the bug hunt a bit but I was not
 affected by it :) ). That in turn breaks the authentication and Tor
 Browser won't start.

--

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18330#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list