[tor-bugs] #13587 [Obfsproxy]: scamblesuit bug: sharedSecret is not None
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Nov 1 03:56:02 UTC 2014
#13587: scamblesuit bug: sharedSecret is not None
---------------------------+--------------------------
Reporter: hellais | Owner: asn
Type: defect | Status: needs_review
Priority: normal | Milestone:
Component: Obfsproxy | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
---------------------------+--------------------------
Changes (by yawning):
* status: needs_information => needs_review
Comment:
Replying to [comment:4 phw]:
> Do we already know if this is a bug in ScrambleSuit or if OONI simply
invoked ScrambleSuit without the `password` option?
"Yes" (It's both).
When in managed mode, and the `password` option is missing entirely
`handle_socks_args()` will never get called from the base code, resulting
in the shared secret being `None` and the assert being hit since that
condition is never explicitly checked.
It's trivial to reproduce (just delete the `password` argument from the
bridge line), and trivial to fix
(https://gitweb.torproject.org/user/yawning/obfsproxy.git/commit/49dd8aae6064839d08f677b1ff641b56951dd9ca)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13587#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list