[tor-bugs] #3683 [Tor Client]: Stream-isolation code does not handle NULs in SOCKS auth fields properly
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu Aug 4 10:20:53 UTC 2011
#3683: Stream-isolation code does not handle NULs in SOCKS auth fields properly
------------------------+---------------------------------------------------
Reporter: rransom | Owner: nickm
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.3.x-final
Component: Tor Client | Version:
Keywords: | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
The SOCKS server code goes to some trouble to handle any NULs embedded in
SOCKS 4 authentication strings and SOCKS 5 usernames and passwords, and it
records the lengths of those strings in the `socks_request` field of the
`edge_connection_t`. Then the stream-isolation code uses `strdup` and
`strcmp` on them as if they were NUL-terminated strings.
We should handle NULs embedded in those strings properly everywhere, and
we should probably also use a comparison function that runs in data-
independent time when comparing them.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3683>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list