[tor-bugs] #22123 [Core Tor/Tor]: baseXX API strictness
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon May 1 18:55:14 UTC 2017
#22123: baseXX API strictness
------------------------------+--------------------
Reporter: catalyst | Owner:
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID: #19531
Points: | Reviewer:
Sponsor: |
------------------------------+--------------------
We should think about how strict to make decoders for our baseXX APIs. In
some situations, it improves security to only have a single canonical
encoding for any particular value. We should see where this is true in
our code.
== Base16 ==
 * case sensitivity (currently case-insensitive)
== Base32 ==
 * case sensitivity (currently case-insensitive -- also the standard
   default is uppercase and we use lowercase)
 * padding strictness (currently no padding at all, even with odd lengths?)
 * trailing bits strictness (in an odd-length decode, there might be
   leftover bits in the final non-padding character. For a canonical
   encoding, they should all be zero)
== Base64 ==
 * padding strictness
   * padding `=` characters only at end (currently any padding characters
     terminate decoding)
   * correct number of padding characters (currently not checked)
 * whitespace? (maybe only if explicitly allowed?) currently we allow any
   whitespace
 * trailing bits strictness (in an odd-length decode, there might be
   leftover bits in the final non-padding character. For a canonical
   encoding, they should all be zero)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22123>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
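The Base64 checks listed in the ticket (padding only at the end, the correct number of padding characters, no whitespace, zero trailing bits) can be combined into one decoder that accepts exactly one encoding per value. The following is an added example, not code from Tor or from the ticket; `strict_base64_decode` and `b64_val` are hypothetical names, and it assumes the RFC 4648 standard alphabet with mandatory padding.

```c
#include <stddef.h>
#include <string.h>

/* Value of one RFC 4648 standard-alphabet character, or -1 for anything
 * else (whitespace, '=' and NUL included). */
static int b64_val(char c)
{
    static const char alphabet[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = c ? strchr(alphabet, c) : NULL;
    return p ? (int)(p - alphabet) : -1;
}

/* Hypothetical helper (not a Tor function): accept only the canonical,
 * padded encoding. Returns bytes written to out, or -1 on any deviation. */
int strict_base64_decode(const char *in, size_t inlen,
                         unsigned char *out, size_t outlen)
{
    size_t pad = 0, n = 0, i;

    if (inlen % 4 != 0)                 /* missing or miscounted padding */
        return -1;
    if (inlen && in[inlen - 1] == '=') pad++;
    if (pad && in[inlen - 2] == '=') pad++;
    if (outlen < inlen / 4 * 3 - pad)
        return -1;

    for (i = 0; i < inlen; i += 4) {
        int last = (i + 4 == inlen), q[4], k;
        for (k = 0; k < 4; k++) {
            /* '=' is legal only in the final 'pad' slots of the last group */
            if (last && k >= 4 - (int)pad) { q[k] = 0; continue; }
            if ((q[k] = b64_val(in[i + k])) < 0)
                return -1;              /* whitespace, early '=', junk */
        }
        /* bits that do not reach an output byte must be zero */
        if (last && pad == 2 && (q[1] & 0x0f)) return -1;
        if (last && pad == 1 && (q[2] & 0x03)) return -1;

        out[n++] = (unsigned char)(q[0] << 2 | q[1] >> 4);
        if (!last || pad < 2)
            out[n++] = (unsigned char)((q[1] & 0x0f) << 4 | q[2] >> 2);
        if (!last || pad < 1)
            out[n++] = (unsigned char)((q[2] & 0x03) << 6 | q[3]);
    }
    return (int)n;
}
```

With this decoder `QQ==` yields the single byte `A`, while `QR==` (same byte, non-zero trailing bits), `QQ=` and `QQ=Q` are all rejected.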