[tor-commits] [tor/maint-0.2.2] Fix bug2752 : 48-char HTTPProxyAuthenticator limitation

nickm at torproject.org nickm at torproject.org
Tue May 17 23:51:37 UTC 2011 

commit a3707a10529c3d90a06149cf0e4bcd28b7b1ab5b
Author: Michael Yakubovich <e_zine99 at yahoo.com>
Date:   Mon May 16 16:09:35 2011 -0400

    Fix bug2752 : 48-char HTTPProxyAuthenticator limitation
    
    Bumped the char maximum to 512 for HTTPProxyAuthenticator &
    HTTPSProxyAuthenticator. Now stripping all '\n' after base64
    encoding in alloc_http_authenticator.
---
 changes/bug2752     |    5 +++++
 src/or/config.c     |    8 ++++----
 src/or/connection.c |   13 +++++++++++--
 3 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/changes/bug2752 b/changes/bug2752
new file mode 100644
index 0000000..328f11e
--- /dev/null
+++ b/changes/bug2752
@@ -0,0 +1,5 @@
+  o Minor bugfixes
+    - Tor used to limit HttpProxyAuthenticator values to 48 characters.
+    Changed the limit to 512 characters by removing base64 newlines.
+    Fixes bug 2917.
+
diff --git a/src/or/config.c b/src/or/config.c
index 614fc48..36a8940 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -3398,8 +3398,8 @@ options_validate(or_options_t *old_options, or_options_t *options,
   }
 
   if (options->HTTPProxyAuthenticator) {
-    if (strlen(options->HTTPProxyAuthenticator) >= 48)
-      REJECT("HTTPProxyAuthenticator is too long (>= 48 chars).");
+    if (strlen(options->HTTPProxyAuthenticator) >= 512)
+      REJECT("HTTPProxyAuthenticator is too long (>= 512 chars).");
   }
 
   if (options->HTTPSProxy) { /* parse it now */
@@ -3412,8 +3412,8 @@ options_validate(or_options_t *old_options, or_options_t *options,
   }
 
   if (options->HTTPSProxyAuthenticator) {
-    if (strlen(options->HTTPSProxyAuthenticator) >= 48)
-      REJECT("HTTPSProxyAuthenticator is too long (>= 48 chars).");
+    if (strlen(options->HTTPSProxyAuthenticator) >= 512)
+      REJECT("HTTPSProxyAuthenticator is too long (>= 512 chars).");
   }
 
   if (options->Socks4Proxy) { /* parse it now */
diff --git a/src/or/connection.c b/src/or/connection.c
index 5054909..bcdde67 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -3232,8 +3232,17 @@ alloc_http_authenticator(const char *authenticator)
                     authenticator, authenticator_length) < 0) {
     tor_free(base64_authenticator); /* free and set to null */
   } else {
-    /* remove extra \n at end of encoding */
-    base64_authenticator[strlen(base64_authenticator) - 1] = 0;
+    int i = 0, j = 0;
+    int len = strlen(base64_authenticator);
+
+    /* remove all newline occurrences within the string */
+    for (i=0; i < len; ++i) {
+      if ('\n' != base64_authenticator[i]) {
+        base64_authenticator[j] = base64_authenticator[i];
+        ++j;
+      }
+    }
+    base64_authenticator[j]='\0';
   }
   return base64_authenticator;
 }

More information about the tor-commits mailing list