[tor-bugs] #18340 [Tor Browser]: Make sure the controller password used in Torbutton is conforming to the spec
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Feb 18 14:16:08 UTC 2016
#18340: Make sure the controller password used in Torbutton is conforming to the
spec
-----------------------------+---------------------------
Reporter: gk | Owner: tbb-team
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Tor Browser | Version:
Severity: Normal | Keywords: tbb-torbutton
Actual Points: | Parent ID:
Points: | Sponsor:
-----------------------------+---------------------------
{{{
var auth_cmd = "AUTHENTICATE "+m_tb_control_pass+"\r\n";
}}}
is basically just taking `m_tb_control_pass` and passing it along to tor.
We should do some checks that it is actually conforming to the spec (it
must be comprised of `HEXIDIGIT`s or be a `QuotedString`).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18340>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list