Opened 4 years ago

Last modified 4 years ago

#18330 new defect

Tor Launcher only accepts HEXDIGIT passwords for controller

Reported by: gk
Owned by: brade
Priority: Medium
Component: Applications/Tor Launcher
Severity: Normal
Cc: mcs

Description (last modified by gk)

We currently give the advice to double quote the password for the Tor controller in the start-tor-browser script, which seems to be a good thing given the trouble with quoting correctly. But this does not work (I wonder if it actually ever worked). The problem is that Tor Launcher is expecting a HEXDIGIT password. Using deadbeef is fine but

password[i] = parseInt(aHexPassword.substr(i * 2, 2), 16);

does not like things like test or '"test"' and is, e.g., reporting NaN, NaN for the former, which breaks the hashed control password option (the argument aHexPassword is spoiling the bug hunt a bit but I was not affected by it :) ). That in turn breaks the authentication and Tor Browser won't start.

Change History (7)

comment:1 Changed 4 years ago by cypherpunks

Why is quoting the password a good thing? What's the trouble with quoting correctly?

When I read the start-tor-browser script I never understood why there was so much insistence on this. It actually seems to me like it was written by a very insecure novice programmer.

Looking at it again, that script really is a mess.

comment:2 Changed 4 years ago by gk

Description: modified (diff)

comment:3 in reply to: 1; Changed 4 years ago by gk

Replying to cypherpunks:

Why is quoting the password a good thing? What's the trouble with quoting correctly?

Well, as soon as you need to escape your quoting character because you use it in your password, it gets messy easily. And what I did say was that it's a good thing to give the user a hint about correctly quoting the password. Not that the need for quoting on the user side is a good thing. In fact, I think we should abstract that away from the user. They should just be able to enter their password and Tor Launcher should take care of the proper quoting if needed.

comment:4 Changed 4 years ago by gk

See #18340 for a somewhat controller related ticket.

comment:5 in reply to: 3; Changed 4 years ago by cypherpunks

Replying to gk:

Replying to cypherpunks:

Why is quoting the password a good thing? What's the trouble with quoting correctly?

Well, as soon as you need to escape your quoting character because you use it in your password, it gets messy easily. And what I did say was that it's a good thing to give the user a hint about correctly quoting the password. Not that the need for quoting on the user side is a good thing.

Right. It is good to mention the issue (like in a comment or a manual page), for people writing env vars yet not familiar with the shell (?).

In fact, I think we should abstract that away from the user. They should just be able to enter their password and Tor Launcher should take care of the proper quoting if needed.

I agree with this. The env var should just be the-password-itself, nothing more.

comment:6 Changed 4 years ago by mcs

Cc: mcs added

Kathy and I spent a little time looking at this issue. We should add support to Tor Launcher for passwords that are not hex-encoded, and gk is correct that the code in _hashPassword() within tl-protocol.js is part of the problem. But we need to agree on a spec for TOR_CONTROL_PASSWD because Tor Launcher needs an unambiguous way to determine which kind of encoding is used.

Kathy and I propose that Tor Launcher will treat double-quoted strings as plain, UTF-8 (unencoded) passwords; otherwise, Tor Launcher will assume the password is hex-encoded (and complain if anything other than hex digits are used in that case).

comment:7 Changed 4 years ago by gk

I am fine with whatever we do here as long as we follow the control-spec which says

"AUTHENTICATE" [ SP 1*HEXDIG / QuotedString ] CRLF

and as long as we don't put the burden on the user to quote their password correctly. We should do that.
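As an added example (not Tor Launcher's own code) of the encoding rule proposed in comment:6 checked against the AUTHENTICATE grammar above: a double-quoted TOR_CONTROL_PASSWD is taken as a plain password and sent as a QuotedString, anything else must be hex digits, and the NaN case from the description is rejected up front instead of silently producing a broken hash. The QuotedString escaping rule (a backslash before any backslash or double quote), the function names and the error text are assumptions.

```javascript
// Added example, not Tor Launcher code. Turns the value of TOR_CONTROL_PASSWD
// into the argument of: "AUTHENTICATE" [ SP 1*HEXDIG / QuotedString ] CRLF
//   "..."  -> plain UTF-8 password, sent as a QuotedString
//   else   -> must be hex digits, sent as-is
// Assumption: QuotedString escaping is a backslash before \ and ".

function decodeHex(hex) {
  // The original _hashPassword() ran parseInt() on 2-char chunks and got NaN
  // for input such as "test"; validate first so bad input fails loudly.
  // Byte pairs are required here because the result is turned into bytes.
  if (!/^(?:[0-9A-Fa-f]{2})+$/.test(hex)) {
    throw new Error("TOR_CONTROL_PASSWD is neither double-quoted nor hex-encoded");
  }
  const bytes = new Uint8Array(hex.length / 2);
  for (let i = 0; i < bytes.length; i++) {
    bytes[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
  }
  return bytes;
}

function quoteString(plain) {
  // QuotedString: DQUOTE, content with \ and " escaped, DQUOTE (assumed rule).
  return '"' + plain.replace(/[\\"]/g, (c) => "\\" + c) + '"';
}

function parseControlPassword(envValue) {
  if (envValue.length >= 2 && envValue.startsWith('"') && envValue.endsWith('"')) {
    // Quoted: the password is exactly the text between the quotes; the user
    // never has to escape anything themselves.
    return { kind: "quoted", password: envValue.slice(1, -1) };
  }
  return { kind: "hex", bytes: decodeHex(envValue) };
}

function authenticateLine(envValue) {
  const p = parseControlPassword(envValue);
  const arg = p.kind === "quoted" ? quoteString(p.password) : envValue;
  return "AUTHENTICATE " + arg + "\r\n";
}
```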
