[Pkg-privacy-commits] [obfsproxy] 01/13: Handle missing ScrambleSuit passwords in managed mode.

Jérémy Bobbio lunar at moszumanska.debian.org
Fri Aug 28 16:28:41 UTC 2015 

This is an automated email from the git hooks/post-receive script.

lunar pushed a commit to annotated tag debian/0.2.13-1
in repository obfsproxy.

commit 49dd8aae6064839d08f677b1ff641b56951dd9ca
Author: Yawning Angel <yawning at torproject.org>
Date:   Sat Nov 1 03:45:55 2014 +0000

    Handle missing ScrambleSuit passwords in managed mode.
    
    If the password argument is missing from the bridge line entirely,
    `handle_socks_args()` will never get called as the username/password
    auth will not be negotiated.  Correctly detect that this has happened
    at client handshake time, log a warning and drop the connection.
    
    Fixes bug #13587.
---
 ChangeLog                                         | 5 +++++
 obfsproxy/transports/scramblesuit/scramblesuit.py | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index b9791da..7d66351 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Changes in version 0.2.13 - UNRELEASED:
+ - Correctly handle the ScrambleSuit password being missing entirely
+   when running in managed mode. Patch by Yawning Angel. Fixes #13587.
+
+
 Changes in version 0.2.12 - 2014-07-22:
  - Add txsocksx and parsley as dependencies in py2exe. Fixes bug #12381.
 
diff --git a/obfsproxy/transports/scramblesuit/scramblesuit.py b/obfsproxy/transports/scramblesuit/scramblesuit.py
index 1479f12..3f93b1d 100644
--- a/obfsproxy/transports/scramblesuit/scramblesuit.py
+++ b/obfsproxy/transports/scramblesuit/scramblesuit.py
@@ -238,6 +238,11 @@ class ScrambleSuitTransport( base.BaseTransport ):
 
         # Conduct an authenticated UniformDH handshake if there's no ticket.
         else:
+            if self.uniformDHSecret is None:
+                log.warning("A UniformDH password is not set, most likely " \
+                            "a missing 'password' argument.")
+                self.circuit.close()
+                return
             log.debug("No session ticket to redeem.  Running UniformDH.")
             self.circuit.downstream.write(self.uniformdh.createHandshake())
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/obfsproxy.git

More information about the Pkg-privacy-commits mailing list