[tor-commits] [obfsproxy/master] Handle missing ScrambleSuit passwords in managed mode.
asn at torproject.org
asn at torproject.org
Mon Nov 3 12:10:55 UTC 2014
commit 49dd8aae6064839d08f677b1ff641b56951dd9ca
Author: Yawning Angel <yawning at torproject.org>
Date: Sat Nov 1 03:45:55 2014 +0000
Handle missing ScrambleSuit passwords in managed mode.
If the password argument is missing from the bridge line entirely,
`handle_socks_args()` will never get called as the username/password
auth will not be negotiated. Correctly detect that this has happened
at client handshake time, log a warning and drop the connection.
Fixes bug #13587.
---
ChangeLog | 5 +++++
obfsproxy/transports/scramblesuit/scramblesuit.py | 5 +++++
2 files changed, 10 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index b9791da..7d66351 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Changes in version 0.2.13 - UNRELEASED:
+ - Correctly handle the ScrambleSuit password being missing entirely
+ when running in managed mode. Patch by Yawning Angel. Fixes #13587.
+
+
Changes in version 0.2.12 - 2014-07-22:
- Add txsocksx and parsley as dependencies in py2exe. Fixes bug #12381.
diff --git a/obfsproxy/transports/scramblesuit/scramblesuit.py b/obfsproxy/transports/scramblesuit/scramblesuit.py
index 1479f12..3f93b1d 100644
--- a/obfsproxy/transports/scramblesuit/scramblesuit.py
+++ b/obfsproxy/transports/scramblesuit/scramblesuit.py
@@ -238,6 +238,11 @@ class ScrambleSuitTransport( base.BaseTransport ):
# Conduct an authenticated UniformDH handshake if there's no ticket.
else:
+ if self.uniformDHSecret is None:
+ log.warning("A UniformDH password is not set, most likely " \
+ "a missing 'password' argument.")
+ self.circuit.close()
+ return
log.debug("No session ticket to redeem. Running UniformDH.")
self.circuit.downstream.write(self.uniformdh.createHandshake())
More information about the tor-commits
mailing list