Scramblesuit doesn't handle base32 decoded shared secrets properly (#10148) · Issues · Legacy / Trac

Scramblesuit doesn't handle base32 decoded shared secrets properly

Using a uniform DH shared secret passphrase of 93edd2b39b06115b38778e5447be6171d34cf63cc0e083db91fca9ce7fe920fa, I get the following unhandled exception in my scramblesuit logfile:

Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/obfsproxy-0.2.3_14_g4acf4da-py2.7.egg/obfsproxy/pyobfsproxy.py", line 158, in run
    pyobfsproxy()
  File "/usr/local/lib/python2.7/dist-packages/obfsproxy-0.2.3_14_g4acf4da-py2.7.egg/obfsproxy/pyobfsproxy.py", line 137, in pyobfsproxy
    if (args.validation_function(args) == False):
  File "/usr/local/lib/python2.7/dist-packages/obfsproxy-0.2.3_14_g4acf4da-py2.7.egg/obfsproxy/transports/scramblesuit/scramblesuit.py", line 534, in validate_external_mode_cli
    rawLength = len(base64.b32decode(args.uniformDHSecret))
  File "/usr/lib/python2.7/base64.py", line 196, in b32decode
    quanta, leftover = divmod(len(s), 8)
TypeError: object of type 'NoneType' has no len()

Scramblesuit should probably at least catch the case where base64.b32decode returns None, and the case where it raises TypeErrors due to "invalid padding".

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information