[tor-bugs] #29175 [Core Tor/Tor]: Tor 0.3.5.x mishandles empty socks5 auth

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jan 25 01:42:17 UTC 2019


#29175: Tor 0.3.5.x mishandles empty socks5 auth
--------------------------------------+------------------------------------
 Reporter:  arma                      |          Owner:  (none)
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:  Tor: 0.4.0.x-final
Component:  Core Tor/Tor              |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  regression, backport-035  |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+------------------------------------

Comment (by arma):

 My proposed fix would be:
 {{{
 diff --git a/src/core/proto/proto_socks.c b/src/core/proto/proto_socks.c
 index 86c656e..8e3cf4a 100644
 --- a/src/core/proto/proto_socks.c
 +++ b/src/core/proto/proto_socks.c
 @@ -451,7 +451,6 @@ parse_socks5_userpass_auth(const uint8_t *raw_data,
 socks_re
      req->username = tor_memdup_nulterm(username, usernamelen);
      req->usernamelen = usernamelen;

 -    req->got_auth = 1;
    }

    if (passwordlen && password) {
 @@ -459,9 +458,10 @@ parse_socks5_userpass_auth(const uint8_t *raw_data,
 socks_r
      req->password = tor_memdup_nulterm(password, passwordlen);
      req->passwordlen = passwordlen;

 -    req->got_auth = 1;
    }

 +  req->got_auth = 1;
 +
    end:
    socks5_client_userpass_auth_free(trunnel_req);
    return res;
 }}}

 But I don't know if that is a *sufficient* fix. Somebody should test it.
 :)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29175#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list