[tor-bugs] #22088 [Core Tor/Tor]: pluggable transport specs need to be more consistent about quoting

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Apr 27 18:57:21 UTC 2017


#22088: pluggable transport specs need to be more consistent about quoting
------------------------------+--------------------------
     Reporter:  catalyst      |      Owner:
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:  tor-spec, pt
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+--------------------------
 There's some inconsistency among the specs (and code doesn't necessarily
 match the specs either) about how pluggable transports quote or escape
 special characters in transport arguments.  See #12930 for additional
 background.

 Proposal:

 * Explicitly disallow whitespace (or control characters for that matter)
 in keys or values of PT arguments.  (No PT does this now that I know of,
 and people with Unix-ish backgrounds are likely to avoid using whitespace
 in this context anyway.)
 * Explicitly disallow `=` and `\` in keys of PT arguments.  (I'm assuming
 PT designers have more flexibility in choosing keys than value encodings,
 but if this poses a problem for someone please speak up.)
 * Allow but discourage `=` in values of PT arguments. (If you encode
 something in base64 or base32, try to truncate the trailing padding.)
 * Allow but discourage `\` in values of PT arguments.
 * Require `\` to be escaped by `\` (in addition to escaping `,`, which is
 already required) in `SMETHOD ARGS` and `transport` lines of `extra-info`
 documents. (Almost everywhere else I've seen that uses `\` for escaping
 also requires that `\` itself be escaped, and it's closer to what people
 already expect. goptlib already implemented this despite it not being
 specified in `pt-spec.txt`)
 * Do not require `=` to be escaped by `\` in `SMETHOD ARGS` and
 `transport` lines of `extra-info` documents.
 * Do not require any PT argument characters to be escaped in BridgeDB
 output or `Bridge` lines in `torrc`.  (Any `\` characters stand for
 themselves.  This requires the fewest changes to existing `tor` code.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22088>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list