[tor-bugs] #12930 [Obfuscation/Pluggable transport]: Someone, somewhere needs to unescape pluggable transport "SMETHOD ARGS" arguments.

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Apr 18 22:56:43 UTC 2017 

#12930: Someone, somewhere needs to unescape pluggable transport "SMETHOD ARGS"
arguments.
---------------------------------------------+---------------------
 Reporter:  yawning                          |          Owner:  asn
     Type:  defect                           |         Status:  new
 Priority:  Medium                           |      Milestone:
Component:  Obfuscation/Pluggable transport  |        Version:
 Severity:  Normal                           |     Resolution:
 Keywords:  goptlib                          |  Actual Points:
Parent ID:                                   |         Points:
 Reviewer:                                   |        Sponsor:
---------------------------------------------+---------------------

Comment (by dcf):

 If it helps, here is how goptlib handles args (goptlib being the primary
 implementation of the PT protocol other than tor itself). It's mostly
 based on my own interpretation of what the spec says, but it at least has
 a lot of tests. The comments that quote pt-spec.txt are taken from an
 earlier version of the spec, probably
 [https://gitweb.torproject.org/torspec.git/tree/pt-
 spec.txt?id=4dcd7e94f17c072e771119ec90d7cbce4a4788a4 4dcd7e94f1] from July
 2014.

 [https://gitweb.torproject.org/pluggable-
 transports/goptlib.git/tree/args.go?id=0.7 args.go]: the main functions
 are `parseClientParameters`, `parseServerTransportOptions`, and
 `encodeSmethodArgs` (we haven't yet needed a function to encode client
 parameters). `encodeSmethodArgs` escapes only these three bytes: `\` `=`
 `,`. Other byte values such as `\n` and `\x00` are handled instead in
 pt.go.

 [https://gitweb.torproject.org/pluggable-
 transports/goptlib.git/tree/args_test.go?id=0.7 args_test.go]: is test
 code for the functions in args.go. Please let me know if you have
 additional test cases or if any of the existing ones seem wrong to you.

 [https://gitweb.torproject.org/pluggable-
 transports/goptlib.git/tree/pt.go?id=0.7 pt.go]: interacts a little bit
 with argument syntax in the `formatline` function, which is responsible
 for formatting stdout lines like `SMETHOD`. `formatline` panics (i.e.
 crashes) on any `\n`, `\x00`, or byte value greater than `\x7f` (see the
 `argIsSafe` function). Formerly, goptlib didn't panic but applied an
 additional backslash encoding to these bytes, which Yawning noted in
 comment:1 and has since been removed in favor of panicking.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12930#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list