[tor-bugs] #12931 [Core Tor/Tor]: TOR_PT_SERVER_TRANSPORT_OPTIONS are not escaped according to pt-spec.txt

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jun 20 04:36:33 UTC 2017


#12931: TOR_PT_SERVER_TRANSPORT_OPTIONS are not escaped according to pt-spec.txt
-------------------------------------------------+-------------------------
 Reporter:  yawning                              |          Owner:  nickm
     Type:  defect                               |         Status:
                                                 |  merge_ready
 Priority:  Low                                  |      Milestone:  Tor:
                                                 |  0.3.1.x-final
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  unspecified
 Severity:  Normal                               |     Resolution:
 Keywords:  pluggable, transports, pt-spec,      |  Actual Points:  0
  review-group-18                                |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by dcf):

 * cc: dcf (added)


Comment:

 This would make it impossible for a ''`key`'' or a ''`k`'' to contains an
 equals sign; I guess that's all right.

 Does the same inconsistency exist with regard to client SOCKS arguments?
 > First the "<Key>=<Value>" formatted arguments MUST be escaped, such that
 all backslash, equal sign, and semicolon characters are escaped with a
 backslash.

 What is an implementation supposed to do when it finds a backslash that
 precedes something other than colon, semicolon, or backslash? That is,
 colon, semicolon, and backslash MUST be backslash-escaped, but MAY other
 characters be backslash-escaped? Also: are equals signs forbidden in
 ''`v`'', or can you have unescaped ones as in `t:k=base64==`?

 For what it's worth, goptlib allows any character to be backslash-escaped
 (and for that reason allows `=` in ''`k`''). There is
 [https://gitweb.torproject.org/pluggable-
 transports/goptlib.git/tree/args_test.go?id=0.7#n277 a test for it]; I'd
 like to know if this specification change would require any change in the
 expected output. Input:
 {{{
 t:k\:1=v;t:k\=2=v;t:k\;3=v;t:k\\4=v
 }}}
 Expected output:
 {{{
 { "t": { "k:1": "v", "k=2": "v", "k;3": "v", "k\\4": "v" } }
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12931#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list