Opened 13 years ago

Last modified 8 years ago

#557 closed defect (Fixed)

http[s]proxyauthenticator in torrc can't contain # symbol

Reported by: arma Owned by: nickm
Priority: Low Milestone:
Component: Core Tor/Tor Version:
Severity: Keywords:
Cc: arma, nickm Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


This was reported in a comment on bug 550, but it deserves its own flyspray entry.

If you add a line to your torrc like
httpproxyauthenticator foo:bar#5
then you can see via getconf that it only sets the value to 'foo:bar'.

One option would be to force the user to provide a base64'ed value in the
first place. That's not a very convenient approach though.

Another option would be to make them put it in double quotes, or put a
backslash before it, or otherwise quote it.

Would supporting that in torrc parsing introduce any problems elsewhere?
I can't think of any.

[Automatically added by flyspray2trac: Operating System: All]

Child Tickets

Change History (8)

comment:1 Changed 13 years ago by pzoxicuv

Thanks, that would help quite a bit :)
I've thought about doing tricky things with Privoxy to inject the proxy authentication,
but fixing the config parsing to include some kind of escaping could help somewhere else.

comment:2 Changed 13 years ago by nickm

I've added the feature to allow C-style strings as configuration values; it should be in svn
as of r13021; it will also appear in the next development alpha.

comment:3 Changed 13 years ago by arma

tup has pointed out that you still can't setconf special chars via the controller:

setconf HttpProxyAuthenticator=xx#yy
250 OK
getconf HttpProxyAuthenticator
250 HttpProxyAuthenticator=xx

comment:4 Changed 13 years ago by arma


<tup> arma: also, a conf value containing "\r\n" can inject replies into the
control protocol.

comment:5 Changed 13 years ago by nickm

Anything that can set configuration values is already winning enough that screwing with the
control protocol isn't *that* much worse.

Still, we should fix this.

I'm thinking that for backward compatibility, we should have setconf handle quoted values the
same way that torrc does, but to the same as it does not for nonquoted values.

For getconf, we should escape special values only if they need to be escaped.

Hm. I bet this will effect saveconf too.

comment:6 Changed 13 years ago by nickm

Should be fixed now in r13056 and r13057.

comment:7 Changed 13 years ago by nickm

flyspray2trac: bug closed.

comment:8 Changed 8 years ago by nickm

Component: Tor ClientTor
Note: See TracTickets for help on using tickets.