Opened 5 years ago

Last modified 4 months ago

#18340 new enhancement

Make sure the controller password used in Torbutton is conforming to the spec

Reported by: gk Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-torbutton, gitlab-tb-torbutton
Cc: arthuredelstein Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


var auth_cmd = "AUTHENTICATE "+m_tb_control_pass+"\r\n";

is basically just taking m_tb_control_pass and passing it along to tor. We should do some checks that it is actually conforming to the spec (it must be comprised of HEXIDIGITs or be a QuotedString).

Child Tickets

Change History (2)

comment:1 Changed 5 years ago by gk

Cc: arthuredelstein added

And, FWIW, this has implications for code concerning the circuit display as well as the password used is just passed on to it.

comment:2 Changed 4 months ago by gk

Keywords: gitlab-tb-torbutton added

Add magic gitlab keyword.

Note: See TracTickets for help on using tickets.