Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Claims an Exported Variable is Required to Receive Data #704

Closed
ThisNekoGuy opened this issue May 23, 2024 · 3 comments
Closed

Claims an Exported Variable is Required to Receive Data #704

ThisNekoGuy opened this issue May 23, 2024 · 3 comments
Labels
bug

Comments

@ThisNekoGuy
Copy link

ThisNekoGuy commented May 23, 2024
edited
Loading

Describe the bug

For some reason, since updating to v9.6.17, I get an error when invoking croc as the receiver telling me to export a secret phrase. Which I find strange for two reasons: one, because I wasn't sending data via this client, and two because croc has long generated its own passcodes so I don't understand why it's suddenly telling me going against that is now a requirement.

To Reproduce

Steps to reproduce the behavior:

  1. Start/Prepare a croc transfer on another device (in my case, SteamOS via Steam Deck)
  2. Run the croc receive password (croc wxyz-something-something-something)
  3. Receive this error that's unrelated to receiving:
To use croc you need to set a code phrase using your environmental variables:

        export CROC_SECRET="yourcodephrasetouse"

Expected behaviour

Croc's old behavior: that it doesn't force me to set a secret phrase when receiving data.

Version

Receiver Croc Version: 9.6.17 (OS: Gentoo LLVM)
Sender Croc Version: v9.6.14 (OS: SteamOS)
(Haven't updated the sender in a while since installing croc via the script on the Steam Deck fails and requires manual intervention, so I only tend to update it periodically on SteamOS)

Additional context

It gets even more strange when you try to comply with its request; example:
env CROC_SECRET="(sender's passcode)" croc (sender's passcode)
returns:
securing channel...2024/05/23 12:07:32 room (secure channel) not ready, maybe peer disconnected
@schollz
Copy link
Owner

schollz commented May 23, 2024

You need to export the passphrase from the sender wxyz-something-something-something
on the receiver now.

not the way I like it either but a cve was filed until I changed it: #598 (comment)

@schollz schollz closed this as completed May 23, 2024
Repository owner deleted a comment from ThisNekoGuy May 23, 2024
@diamondburned
Copy link

I don't understand why this behavior is broken because of the CVE.

From what I understand, the CVE is specifically about putting the secret code in the command line, which applies when you either want to:

  1. Use a custom code when sending files, or
  2. Receive files using a code

The use case that this issue is about is sending files without specifying the code. In this case, the code would just be printed to standard output, so there shouldn't be any issues with the code being visible in the command flags.

Is this PR a regression?

@schollz
Copy link
Owner

schollz commented Jun 11, 2024

please file a new issue specifying the problem with the latest version of croc. there have been updates to it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@schollz @diamondburned @ThisNekoGuy