[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] first iteration of scrubbing sensitive strings from logs.
- To: or-cvs@xxxxxxxxxxxxx
- Subject: [or-cvs] first iteration of scrubbing sensitive strings from logs.
- From: arma@xxxxxxxx (Roger Dingledine)
- Date: Tue, 3 May 2005 06:04:17 -0400 (EDT)
- Delivered-to: archiver@seul.org
- Delivered-to: or-cvs-outgoing@seul.org
- Delivered-to: or-cvs@seul.org
- Delivery-date: Tue, 03 May 2005 06:04:56 -0400
- Reply-to: or-dev@xxxxxxxxxxxxx
- Sender: owner-or-cvs@xxxxxxxxxxxxx
Update of /home2/or/cvsroot/tor/src/or
In directory moria.mit.edu:/home2/arma/work/onion/cvs/tor/src/or
Modified Files:
buffers.c circuitbuild.c circuitlist.c circuituse.c command.c
config.c connection.c connection_edge.c connection_or.c
control.c dns.c main.c or.h relay.c rendclient.c rendcommon.c
rendmid.c router.c
Log Message:
first iteration of scrubbing sensitive strings from logs.
also generally clean up log messages.
Index: buffers.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/buffers.c,v
retrieving revision 1.151
retrieving revision 1.152
diff -u -d -r1.151 -r1.152
--- buffers.c 3 May 2005 03:25:04 -0000 1.151
+++ buffers.c 3 May 2005 10:04:07 -0000 1.152
@@ -918,7 +918,7 @@
(int)strlen(tmpbuf));
return -1;
}
- log_fn(LOG_DEBUG,"socks4: successfully read destip (%s)", tmpbuf);
+ log_fn(LOG_DEBUG,"socks4: successfully read destip (%s)", safe_str(tmpbuf));
socks4_prot = socks4;
}
Index: circuitbuild.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/circuitbuild.c,v
retrieving revision 1.111
retrieving revision 1.112
diff -u -d -r1.111 -r1.112
--- circuitbuild.c 2 May 2005 22:39:59 -0000 1.111
+++ circuitbuild.c 3 May 2005 10:04:07 -0000 1.112
@@ -791,8 +791,6 @@
circ->state = CIRCUIT_STATE_OPEN;
- log_fn(LOG_DEBUG,"Entering.");
-
memcpy(cell.payload, payload,
cell_type == CELL_CREATED ? ONIONSKIN_REPLY_LEN : DIGEST_LEN*2);
@@ -1497,3 +1495,4 @@
return 0;
}
+
Index: circuitlist.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/circuitlist.c,v
retrieving revision 1.46
retrieving revision 1.47
diff -u -d -r1.46 -r1.47
--- circuitlist.c 2 May 2005 22:35:18 -0000 1.46
+++ circuitlist.c 3 May 2005 10:04:07 -0000 1.47
@@ -356,7 +356,7 @@
/* return NULL; */
circ = circuit_get_by_conn(conn);
if (circ) {
- log_fn(LOG_WARN, "BUG: conn->on_circuit==NULL, but there was in fact a circuit there. ");
+ log_fn(LOG_WARN, "BUG: conn->on_circuit==NULL, but there was in fact a circuit there.");
}
return circ;
}
@@ -562,7 +562,7 @@
tor_assert(circ->state == CIRCUIT_STATE_OPEN);
/* treat this like getting a nack from it */
log_fn(LOG_INFO,"Failed intro circ %s to %s (awaiting ack). Removing from descriptor.",
- circ->rend_query, circ->build_state->chosen_exit_name);
+ safe_str(circ->rend_query), safe_str(circ->build_state->chosen_exit_name));
rend_client_remove_intro_point(circ->build_state->chosen_exit_name, circ->rend_query);
}
Index: circuituse.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/circuituse.c,v
retrieving revision 1.70
retrieving revision 1.71
diff -u -d -r1.70 -r1.71
--- circuituse.c 26 Apr 2005 18:52:15 -0000 1.70
+++ circuituse.c 3 May 2005 10:04:07 -0000 1.71
@@ -666,8 +666,8 @@
/* Don't increment failure count, since Alice may have picked
* the rendezvous point maliciously */
log_fn(LOG_INFO,"Couldn't connect to Alice's chosen rend point %s (%s hop failed).",
- failed_at_last_hop?"last":"non-last",
- circ->build_state->chosen_exit_name);
+ circ->build_state->chosen_exit_name,
+ failed_at_last_hop?"last":"non-last");
rend_service_relaunch_rendezvous(circ);
break;
default:
@@ -838,7 +838,7 @@
if (router_exit_policy_all_routers_reject(addr, conn->socks_request->port,
need_uptime)) {
log_fn(LOG_NOTICE,"No Tor server exists that allows exit to %s:%d. Rejecting.",
- conn->socks_request->address, conn->socks_request->port);
+ safe_str(conn->socks_request->address), conn->socks_request->port);
return -1;
}
}
@@ -856,19 +856,20 @@
exitname = rend_client_get_random_intro(conn->rend_query);
if (!exitname) {
log_fn(LOG_INFO,"No intro points for '%s': refetching service descriptor.",
- conn->rend_query);
+ safe_str(conn->rend_query));
rend_client_refetch_renddesc(conn->rend_query);
conn->state = AP_CONN_STATE_RENDDESC_WAIT;
return 0;
}
if (!router_get_by_nickname(exitname)) {
log_fn(LOG_NOTICE,"Advertised intro point '%s' is not recognized for '%s'. Skipping over.",
- exitname, conn->rend_query);
+ exitname, safe_str(conn->rend_query));
rend_client_remove_intro_point(exitname, conn->rend_query);
tor_free(exitname);
goto try_an_intro_point;
}
- log_fn(LOG_INFO,"Chose %s as intro point for %s.", exitname, conn->rend_query);
+ log_fn(LOG_INFO,"Chose %s as intro point for %s.",
+ exitname, safe_str(conn->rend_query));
}
/* If we have specified a particular exit node for our
@@ -878,7 +879,8 @@
if (conn->chosen_exit_name) {
exitname = tor_strdup(conn->chosen_exit_name);
if (!router_get_by_nickname(exitname)) {
- log_fn(LOG_NOTICE,"Requested exit point '%s' is not known. Closing.", exitname);
+ log_fn(LOG_NOTICE,"Requested exit point '%s' is not known. Closing.",
+ exitname);
tor_free(exitname);
return -1;
}
Index: command.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/command.c,v
retrieving revision 1.85
retrieving revision 1.86
diff -u -d -r1.85 -r1.86
--- command.c 2 May 2005 22:35:18 -0000 1.85
+++ command.c 3 May 2005 10:04:07 -0000 1.86
@@ -265,7 +265,7 @@
circ = circuit_get_by_circid_orconn(cell->circ_id, conn);
if (!circ) {
- log_fn(LOG_INFO,"unknown circuit %d on connection to %s:%d. Dropping.",
+ log_fn(LOG_INFO,"unknown circuit %d on connection from %s:%d. Dropping.",
cell->circ_id, conn->address, conn->port);
return;
}
@@ -310,7 +310,7 @@
circ = circuit_get_by_circid_orconn(cell->circ_id, conn);
if (!circ) {
- log_fn(LOG_INFO,"unknown circuit %d on connection to %s:%d. Dropping.",
+ log_fn(LOG_INFO,"unknown circuit %d on connection from %s:%d. Dropping.",
cell->circ_id, conn->address, conn->port);
return;
}
@@ -335,3 +335,4 @@
}
}
}
+
Index: config.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/config.c,v
retrieving revision 1.339
retrieving revision 1.340
diff -u -d -r1.339 -r1.340
--- config.c 3 May 2005 00:36:57 -0000 1.339
+++ config.c 3 May 2005 10:04:07 -0000 1.340
@@ -168,6 +168,7 @@
VAR("RecommendedVersions", LINELIST, RecommendedVersions, NULL),
VAR("RendNodes", STRING, RendNodes, NULL),
VAR("RendExcludeNodes", STRING, RendExcludeNodes, NULL),
+ VAR("SafeLogging", BOOL, SafeLogging, "1"),
VAR("ShutdownWaitLength", INTERVAL, ShutdownWaitLength, "30 seconds"),
VAR("SocksPort", UINT, SocksPort, "9050"),
VAR("SocksBindAddress", LINELIST, SocksBindAddress, NULL),
@@ -249,6 +250,17 @@
tor_free(config_fname);
}
+/** If options->SafeLogging is on, return a not very useful string,
+ * else return address.
+ */
+const char *
+safe_str(const char *address) {
+ if (get_options()->SafeLogging)
+ return "[scrubbed]";
+ else
+ return address;
+}
+
/** Fetch the active option list, and take actions based on it. All
* of the things we do should survive being done repeatedly.
* Return 0 if all goes well, return -1 if it's time to die.
@@ -930,7 +942,7 @@
print_usage(void)
{
printf(
-"Copyright 2001-2004 Roger Dingledine, Nick Mathewson, Matej Pfajfar.\n\n"
+"Copyright 2001-2005 Roger Dingledine, Nick Mathewson.\n\n"
"tor -f <torrc> [args]\n"
"See man page for options, or http://tor.eff.org/ for documentation.\n");
}
@@ -1617,8 +1629,8 @@
return -1;
}
- if (old->RunAsDaemon && !new_val->RunAsDaemon) {
- log_fn(LOG_WARN,"During reload, change from RunAsDaemon=1 to =0 not allowed. Failing.");
+ if (old->RunAsDaemon != new_val->RunAsDaemon) {
+ log_fn(LOG_WARN,"During reload, changing RunAsDaemon is not allowed. Failing.");
return -1;
}
@@ -1638,7 +1650,7 @@
}
if (!opt_streq(old->Group, new_val->Group)) {
- log_fn(LOG_WARN,"During reload, changing User is not allowed. Failing.");
+ log_fn(LOG_WARN,"During reload, changing Group is not allowed. Failing.");
return -1;
}
@@ -2173,7 +2185,7 @@
if (*nextp) {
nextp = &((*nextp)->next);
} else {
- log_fn(LOG_WARN,"Malformed policy %s.", ent);
+ log_fn(LOG_WARN,"Malformed policy '%s'.", ent);
r = -1;
}
});
Index: connection.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/connection.c,v
retrieving revision 1.367
retrieving revision 1.368
diff -u -d -r1.367 -r1.368
--- connection.c 2 May 2005 23:17:08 -0000 1.367
+++ connection.c 3 May 2005 10:04:07 -0000 1.368
@@ -173,12 +173,12 @@
{
if (conn->read_event) {
if (event_del(conn->read_event))
- log_fn(LOG_WARN, "Error removing read event for %d", (int)conn->s);
+ log_fn(LOG_WARN, "Error removing read event for %d", conn->s);
tor_free(conn->read_event);
}
if (conn->write_event) {
if (event_del(conn->write_event))
- log_fn(LOG_WARN, "Error removing write event for %d", (int)conn->s);
+ log_fn(LOG_WARN, "Error removing write event for %d", conn->s);
tor_free(conn->write_event);
}
}
@@ -670,7 +670,8 @@
return -1;
} else if (!SOCKET_IS_POLLABLE(s)) {
log_fn(LOG_WARN,
- "Too many connections; can't create pollable connection to %s", address);
+ "Too many connections; can't create pollable connection to %s",
+ safe_str(address));
tor_close_socket(s);
return -1;
}
@@ -700,13 +701,13 @@
dest_addr.sin_port = htons(port);
dest_addr.sin_addr.s_addr = htonl(addr);
- log_fn(LOG_DEBUG,"Connecting to %s:%u.",address,port);
+ log_fn(LOG_DEBUG,"Connecting to %s:%u.",safe_str(address),port);
if (connect(s,(struct sockaddr *)&dest_addr,sizeof(dest_addr)) < 0) {
int e = tor_socket_errno(s);
if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
/* yuck. kill it. */
- log_fn(LOG_INFO,"Connect() to %s:%u failed: %s",address,port,
+ log_fn(LOG_INFO,"Connect() to %s:%u failed: %s",safe_str(address),port,
tor_socket_strerror(e));
tor_close_socket(s);
return -1;
@@ -721,7 +722,7 @@
}
/* it succeeded. we're connected. */
- log_fn(LOG_INFO,"Connection to %s:%u established.",address,port);
+ log_fn(LOG_INFO,"Connection to %s:%u established.",safe_str(address),port);
conn->s = s;
if (connection_add(conn) < 0) /* no space, forget it */
return -1;
Index: connection_edge.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/connection_edge.c,v
retrieving revision 1.321
retrieving revision 1.322
diff -u -d -r1.321 -r1.322
--- connection_edge.c 26 Apr 2005 18:52:15 -0000 1.321
+++ connection_edge.c 3 May 2005 10:04:07 -0000 1.322
@@ -265,7 +265,7 @@
tor_assert(conn->state == EXIT_CONN_STATE_CONNECTING);
log_fn(LOG_INFO,"Exit connection to %s:%u established.",
- conn->address,conn->port);
+ safe_str(conn->address),conn->port);
conn->state = EXIT_CONN_STATE_OPEN;
connection_watch_events(conn, EV_READ); /* stop writing, continue reading */
@@ -326,14 +326,15 @@
circ = circuit_get_by_edge_conn(conn);
if (!circ) { /* it's vanished? */
log_fn(LOG_INFO,"Conn is waiting (address %s), but lost its circ.",
- conn->socks_request->address);
+ safe_str(conn->socks_request->address));
connection_mark_unattached_ap(conn, END_STREAM_REASON_TIMEOUT);
continue;
}
if (circ->purpose == CIRCUIT_PURPOSE_C_REND_JOINED) {
if (now - conn->timestamp_lastread > 45) {
log_fn(LOG_NOTICE,"Rend stream is %d seconds late. Giving up on address '%s'.",
- (int)(now - conn->timestamp_lastread), conn->socks_request->address);
+ (int)(now - conn->timestamp_lastread),
+ safe_str(conn->socks_request->address));
connection_edge_end(conn, END_STREAM_REASON_TIMEOUT, conn->cpath_layer);
connection_mark_unattached_ap(conn, END_STREAM_REASON_TIMEOUT);
}
@@ -341,7 +342,8 @@
}
tor_assert(circ->purpose == CIRCUIT_PURPOSE_C_GENERAL);
log_fn(LOG_NOTICE,"Stream is %d seconds late on address '%s'. Retrying.",
- (int)(now - conn->timestamp_lastread), conn->socks_request->address);
+ (int)(now - conn->timestamp_lastread),
+ safe_str(conn->socks_request->address));
circuit_log_path(LOG_NOTICE, circ);
/* send an end down the circuit */
connection_edge_end(conn, END_STREAM_REASON_TIMEOUT, conn->cpath_layer);
@@ -546,11 +548,11 @@
return; /* done, no rewrite needed */
log_fn(LOG_INFO, "Addressmap: rewriting '%s' to '%s'",
- address, ent->new_address);
+ safe_str(address), safe_str(ent->new_address));
strlcpy(address, ent->new_address, maxlen);
}
log_fn(LOG_WARN,"Loop detected: we've rewritten '%s' 16 times! Using it as-is.",
- address);
+ safe_str(address));
/* it's fine to rewrite a rewrite, but don't loop forever */
}
@@ -588,7 +590,8 @@
strmap_set(addressmap, address, ent);
} else if (ent->new_address) { /* we need to clean up the old mapping. */
if (expires > 1) {
- log_fn(LOG_INFO,"Temporary addressmap ('%s' to '%s') not performed, since it's already mapped to '%s'", address, new_address, ent->new_address);
+ log_fn(LOG_INFO,"Temporary addressmap ('%s' to '%s') not performed, since it's already mapped to '%s'",
+ safe_str(address), safe_str(new_address), safe_str(ent->new_address));
tor_free(new_address);
return;
}
@@ -606,7 +609,7 @@
ent->num_resolve_failures = 0;
log_fn(LOG_INFO, "Addressmap: (re)mapped '%s' to '%s'",
- address, ent->new_address);
+ safe_str(address), safe_str(ent->new_address));
}
/** An attempt to resolve <b>address</b> failed at some OR.
@@ -624,7 +627,7 @@
}
++ent->num_resolve_failures;
log_fn(LOG_INFO,"Address %s now has %d resolve failures.",
- address, ent->num_resolve_failures);
+ safe_str(address), ent->num_resolve_failures);
return ent->num_resolve_failures;
}
@@ -768,7 +771,8 @@
return tor_strdup(*addrp);
} else
log_fn(LOG_WARN, "Internal confusion: I thought that '%s' was mapped to by '%s', but '%s' really maps to '%s'. This is a harmless bug.",
- new_address, *addrp, *addrp, ent?ent->new_address:"(nothing)");
+ safe_str(new_address), safe_str(*addrp), safe_str(*addrp),
+ ent?safe_str(ent->new_address):"(nothing)");
}
tor_free(*addrp);
@@ -786,7 +790,8 @@
tor_assert(!strcasecmp(*addrp,
(type == RESOLVED_TYPE_IPV4) ?
vent->ipv4_address : vent->hostname_address));
- log_fn(LOG_INFO, "Map from %s to %s okay.",*addrp,new_address);
+ log_fn(LOG_INFO, "Map from %s to %s okay.",
+ safe_str(*addrp),safe_str(new_address));
}
#endif
@@ -896,7 +901,7 @@
* information.
*/
log_fn(LOG_WARN,"Missing mapping for virtual address '%s'. Refusing.",
- socks->address);
+ socks->address); /* don't safe_str() this yet. */
connection_mark_unattached_ap(conn, END_STREAM_REASON_INTERNAL);
return -1;
}
@@ -910,7 +915,8 @@
/* .exit -- modify conn to specify the exit node. */
char *s = strrchr(socks->address,'.');
if (!s || s[1] == '\0') {
- log_fn(LOG_WARN,"Malformed exit address '%s'. Refusing.", socks->address);
+ log_fn(LOG_WARN,"Malformed exit address '%s'. Refusing.",
+ safe_str(socks->address));
connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
return -1;
}
@@ -922,7 +928,8 @@
/* not a hidden-service request (i.e. normal or .exit) */
if (address_is_invalid_destination(socks->address)) {
- log_fn(LOG_WARN,"Destination '%s' seems to be an invalid hostname. Failing.", socks->address);
+ log_fn(LOG_WARN,"Destination '%s' seems to be an invalid hostname. Failing.",
+ safe_str(socks->address));
connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
return -1;
}
@@ -981,17 +988,20 @@
}
strlcpy(conn->rend_query, socks->address, sizeof(conn->rend_query));
- log_fn(LOG_INFO,"Got a hidden service request for ID '%s'", conn->rend_query);
+ log_fn(LOG_INFO,"Got a hidden service request for ID '%s'",
+ safe_str(conn->rend_query));
/* see if we already have it cached */
r = rend_cache_lookup_entry(conn->rend_query, &entry);
if (r<0) {
- log_fn(LOG_WARN,"Invalid service descriptor %s", conn->rend_query);
+ log_fn(LOG_WARN,"Invalid service descriptor %s",
+ safe_str(conn->rend_query));
connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
return -1;
}
if (r==0) {
conn->state = AP_CONN_STATE_RENDDESC_WAIT;
- log_fn(LOG_INFO, "Unknown descriptor %s. Fetching.", conn->rend_query);
+ log_fn(LOG_INFO, "Unknown descriptor %s. Fetching.",
+ safe_str(conn->rend_query));
rend_client_refetch_renddesc(conn->rend_query);
return 0;
}
@@ -1007,7 +1017,8 @@
return 0;
} else {
conn->state = AP_CONN_STATE_RENDDESC_WAIT;
- log_fn(LOG_INFO, "Stale descriptor %s. Refetching.", conn->rend_query);
+ log_fn(LOG_INFO, "Stale descriptor %s. Refetching.",
+ safe_str(conn->rend_query));
rend_client_refetch_renddesc(conn->rend_query);
return 0;
}
@@ -1131,7 +1142,7 @@
int fd[2];
connection_t *conn;
- log_fn(LOG_INFO,"Making AP bridge to %s:%d ...",address,port);
+ log_fn(LOG_INFO,"Making AP bridge to %s:%d ...",safe_str(address),port);
if (tor_socketpair(AF_UNIX, SOCK_STREAM, 0, fd) < 0) {
log(LOG_WARN,"Couldn't construct socketpair (%s). Network down? Delaying.",
@@ -1469,7 +1480,8 @@
if (!connection_edge_is_rendezvous_stream(conn) &&
router_compare_to_my_exit_policy(conn) == ADDR_POLICY_REJECTED) {
- log_fn(LOG_INFO,"%s:%d failed exit policy. Closing.", conn->address, conn->port);
+ log_fn(LOG_INFO,"%s:%d failed exit policy. Closing.",
+ safe_str(conn->address), conn->port);
connection_edge_end(conn, END_STREAM_REASON_EXITPOLICY, conn->cpath_layer);
circuit_detach_stream(circuit_get_by_edge_conn(conn), conn);
connection_free(conn);
@@ -1491,7 +1503,7 @@
in.s_addr = htonl(addr);
tor_inet_ntoa(&in, tmpbuf, sizeof(tmpbuf));
log_fn(LOG_DEBUG, "Redirecting connection from %s:%d to %s:%d",
- conn->address, conn->port, tmpbuf, port);
+ safe_str(conn->address), conn->port, safe_str(tmpbuf), port);
}
break;
}
@@ -1525,12 +1537,14 @@
/* also, deliver a 'connected' cell back through the circuit. */
if (connection_edge_is_rendezvous_stream(conn)) { /* rendezvous stream */
/* don't send an address back! */
- connection_edge_send_command(conn, circuit_get_by_edge_conn(conn), RELAY_COMMAND_CONNECTED,
+ connection_edge_send_command(conn, circuit_get_by_edge_conn(conn),
+ RELAY_COMMAND_CONNECTED,
NULL, 0, conn->cpath_layer);
} else { /* normal stream */
/* This must be the original address, not the redirected address. */
*(uint32_t*)connected_payload = htonl(conn->addr);
- connection_edge_send_command(conn, circuit_get_by_edge_conn(conn), RELAY_COMMAND_CONNECTED,
+ connection_edge_send_command(conn, circuit_get_by_edge_conn(conn),
+ RELAY_COMMAND_CONNECTED,
connected_payload, 4, conn->cpath_layer);
}
}
@@ -1558,7 +1572,7 @@
tor_assert(exit);
log_fn(LOG_DEBUG,"considering nickname %s, for address %s / port %d:",
- exit->nickname, conn->socks_request->address,
+ exit->nickname, safe_str(conn->socks_request->address),
conn->socks_request->port);
/* If a particular exit node has been requested for the new connection,
Index: connection_or.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/connection_or.c,v
retrieving revision 1.172
retrieving revision 1.173
diff -u -d -r1.172 -r1.173
--- connection_or.c 26 Apr 2005 18:52:15 -0000 1.172
+++ connection_or.c 3 May 2005 10:04:07 -0000 1.173
@@ -322,7 +322,7 @@
if (server_mode(options) && (me=router_get_my_routerinfo()) &&
!memcmp(me->identity_digest, id_digest,DIGEST_LEN)) {
- log_fn(LOG_WARN,"Bug: Client asked me to connect to myself! Refusing.");
+ log_fn(LOG_WARN,"Client asked me to connect to myself! Refusing.");
return NULL;
}
Index: control.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/control.c,v
retrieving revision 1.80
retrieving revision 1.81
diff -u -d -r1.80 -r1.81
--- control.c 2 May 2005 21:22:31 -0000 1.80
+++ control.c 3 May 2005 10:04:08 -0000 1.81
@@ -579,7 +579,8 @@
tor_strdup(to));
if (!addr) {
log_fn(LOG_WARN,
- "Unable to allocate address for '%s' in MapAddress msg",line);
+ "Unable to allocate address for '%s' in MapAddress msg",
+ safe_str(line));
} else {
size_t anslen = strlen(addr)+strlen(to)+2;
char *ans = tor_malloc(anslen);
Index: dns.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/dns.c,v
retrieving revision 1.151
retrieving revision 1.152
diff -u -d -r1.151 -r1.152
--- dns.c 3 May 2005 03:51:19 -0000 1.151
+++ dns.c 3 May 2005 10:04:08 -0000 1.152
@@ -137,9 +137,9 @@
while (oldest_cached_resolve && (oldest_cached_resolve->expire < now)) {
resolve = oldest_cached_resolve;
log(LOG_DEBUG,"Forgetting old cached resolve (address %s, expires %lu)",
- resolve->address, (unsigned long)resolve->expire);
+ safe_str(resolve->address), (unsigned long)resolve->expire);
if (resolve->state == CACHE_STATE_PENDING) {
- log_fn(LOG_WARN,"Bug: Expiring a dns resolve ('%s') that's still pending. Forgot to cull it?", resolve->address);
+ log_fn(LOG_WARN,"Bug: Expiring a dns resolve ('%s') that's still pending. Forgot to cull it?", safe_str(resolve->address));
tor_fragile_assert();
}
if (resolve->pending_connections) {
@@ -259,19 +259,19 @@
pending_connection->next = resolve->pending_connections;
resolve->pending_connections = pending_connection;
log_fn(LOG_DEBUG,"Connection (fd %d) waiting for pending DNS resolve of '%s'",
- exitconn->s, exitconn->address);
+ exitconn->s, safe_str(exitconn->address));
exitconn->state = EXIT_CONN_STATE_RESOLVING;
return 0;
case CACHE_STATE_VALID:
exitconn->addr = resolve->addr;
log_fn(LOG_DEBUG,"Connection (fd %d) found cached answer for '%s'",
- exitconn->s, exitconn->address);
+ exitconn->s, safe_str(exitconn->address));
if (exitconn->purpose == EXIT_PURPOSE_RESOLVE)
send_resolved_cell(exitconn, RESOLVED_TYPE_IPV4);
return 1;
case CACHE_STATE_FAILED:
log_fn(LOG_DEBUG,"Connection (fd %d) found cached error for '%s'",
- exitconn->s, exitconn->address);
+ exitconn->s, safe_str(exitconn->address));
if (exitconn->purpose == EXIT_PURPOSE_RESOLVE)
send_resolved_cell(exitconn, RESOLVED_TYPE_ERROR);
circ = circuit_get_by_edge_conn(exitconn);
@@ -322,7 +322,7 @@
}
log_fn(LOG_DEBUG, "Connection (fd %d) needs to resolve '%s'; assigning to DNSWorker (fd %d)",
- exitconn->s, exitconn->address, dnsconn->s);
+ exitconn->s, safe_str(exitconn->address), dnsconn->s);
tor_free(dnsconn->address);
dnsconn->address = tor_strdup(exitconn->address);
@@ -333,7 +333,6 @@
connection_write_to_buf(&len, 1, dnsconn);
connection_write_to_buf(dnsconn->address, len, dnsconn);
-// log_fn(LOG_DEBUG,"submitted '%s'", exitconn->address);
return 0;
}
@@ -352,7 +351,7 @@
resolve = SPLAY_FIND(cache_tree, &cache_root, &search);
if (!resolve) {
- log_fn(LOG_NOTICE,"Address '%s' is not pending. Dropping.", conn->address);
+ log_fn(LOG_NOTICE,"Address '%s' is not pending. Dropping.", safe_str(conn->address));
return;
}
@@ -365,7 +364,7 @@
resolve->pending_connections = pend->next;
tor_free(pend);
log_fn(LOG_DEBUG, "First connection (fd %d) no longer waiting for resolve of '%s'",
- conn->s, conn->address);
+ conn->s, safe_str(conn->address));
return;
} else {
for ( ; pend->next; pend = pend->next) {
@@ -374,7 +373,7 @@
pend->next = victim->next;
tor_free(victim);
log_fn(LOG_DEBUG, "Connection (fd %d) no longer waiting for resolve of '%s'",
- conn->s, conn->address);
+ conn->s, safe_str(conn->address));
return; /* more are pending */
}
}
@@ -429,13 +428,14 @@
resolve = SPLAY_FIND(cache_tree, &cache_root, &search);
if (!resolve) {
- log_fn(LOG_NOTICE,"Address '%s' is not pending. Dropping.", address);
+ log_fn(LOG_NOTICE,"Address '%s' is not pending. Dropping.", safe_str(address));
return;
}
if (!resolve->pending_connections) {
/* XXX this should never trigger, but sometimes it does */
- log_fn(LOG_WARN,"Bug: Address '%s' is pending but has no pending connections!", address);
+ log_fn(LOG_WARN,"Bug: Address '%s' is pending but has no pending connections!",
+ safe_str(address));
tor_fragile_assert();
return;
}
@@ -443,7 +443,7 @@
/* mark all pending connections to fail */
log_fn(LOG_DEBUG, "Failing all connections waiting on DNS resolve of '%s'",
- address);
+ safe_str(address));
while (resolve->pending_connections) {
pend = resolve->pending_connections;
pend->conn->state = EXIT_CONN_STATE_RESOLVEFAILED;
@@ -508,7 +508,8 @@
resolve = SPLAY_FIND(cache_tree, &cache_root, &search);
if (!resolve) {
- log_fn(LOG_INFO,"Resolved unasked address '%s'; caching anyway.", address);
+ log_fn(LOG_INFO,"Resolved unasked address '%s'; caching anyway.",
+ safe_str(address));
resolve = tor_malloc_zero(sizeof(struct cached_resolve));
resolve->state = (outcome == DNS_RESOLVE_SUCCEEDED) ?
CACHE_STATE_VALID : CACHE_STATE_FAILED;
@@ -522,7 +523,7 @@
/* XXXX Maybe update addr? or check addr for consistency? Or let
* VALID replace FAILED? */
log_fn(LOG_NOTICE, "Resolved '%s' which was already resolved; ignoring",
- address);
+ safe_str(address));
tor_assert(resolve->pending_connections == NULL);
return;
}
@@ -633,7 +634,7 @@
if (conn->state != DNSWORKER_STATE_BUSY && buf_datalen(conn->inbuf)) {
log_fn(LOG_WARN,"Bug: read data (%d bytes) from an idle dns worker (fd %d, address '%s'). Please report.",
- (int)buf_datalen(conn->inbuf), conn->s, conn->address);
+ (int)buf_datalen(conn->inbuf), conn->s, safe_str(conn->address));
tor_fragile_assert();
/* Pull it off the buffer anyway, or it will just stay there.
@@ -643,7 +644,7 @@
connection_fetch_from_buf(&success,1,conn);
connection_fetch_from_buf((char *)&addr,sizeof(uint32_t),conn);
log_fn(LOG_WARN,"Discarding idle dns answer (success %d, addr %d.)",
- success, addr);
+ success, addr); // XXX safe_str
}
return 0;
}
@@ -656,7 +657,7 @@
connection_fetch_from_buf((char *)&addr,sizeof(uint32_t),conn);
log_fn(LOG_DEBUG, "DNSWorker (fd %d) returned answer for '%s'",
- conn->s, conn->address);
+ conn->s, safe_str(conn->address));
tor_assert(success >= DNS_RESOLVE_FAILED_TRANSIENT);
tor_assert(success <= DNS_RESOLVE_SUCCEEDED);
@@ -754,15 +755,15 @@
switch (result) {
case 1:
/* XXX result can never be 1, because we set it to -1 above on error */
- log_fn(LOG_INFO,"Could not resolve dest addr %s (transient).",address);
+ log_fn(LOG_INFO,"Could not resolve dest addr %s (transient).",safe_str(address));
answer[0] = DNS_RESOLVE_FAILED_TRANSIENT;
break;
case -1:
- log_fn(LOG_INFO,"Could not resolve dest addr %s (permanent).",address);
+ log_fn(LOG_INFO,"Could not resolve dest addr %s (permanent).",safe_str(address));
answer[0] = DNS_RESOLVE_FAILED_PERMANENT;
break;
case 0:
- log_fn(LOG_INFO,"Resolved address '%s'.",address);
+ log_fn(LOG_INFO,"Resolved address '%s'.",safe_str(address));
answer[0] = DNS_RESOLVE_SUCCEEDED;
break;
}
Index: main.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/main.c,v
retrieving revision 1.491
retrieving revision 1.492
diff -u -d -r1.491 -r1.492
--- main.c 3 May 2005 03:51:19 -0000 1.491
+++ main.c 3 May 2005 10:04:08 -0000 1.492
@@ -252,7 +252,7 @@
if (r<0)
log_fn(LOG_WARN,
"Error from libevent setting read event state for %d to %swatched.",
- (int)conn->s, (events & EV_READ)?"":"un");
+ conn->s, (events & EV_READ)?"":"un");
if (events & EV_WRITE) {
r = event_add(conn->write_event, NULL);
@@ -263,7 +263,7 @@
if (r<0)
log_fn(LOG_WARN,
"Error from libevent setting read event state for %d to %swatched.",
- (int)conn->s, (events & EV_WRITE)?"":"un");
+ conn->s, (events & EV_WRITE)?"":"un");
}
/** Return true iff <b>conn</b> is listening for read events. */
@@ -281,7 +281,7 @@
log(LOG_DEBUG,"connection_stop_reading() called.");
if (event_del(conn->read_event))
log_fn(LOG_WARN, "Error from libevent setting read event state for %d to unwatched.",
- (int)conn->s);
+ conn->s);
}
/** Tell the main loop to start notifying <b>conn</b> of any read events. */
@@ -291,7 +291,7 @@
if (event_add(conn->read_event, NULL))
log_fn(LOG_WARN, "Error from libevent setting read event state for %d to watched.",
- (int)conn->s);
+ conn->s);
}
/** Return true iff <b>conn</b> is listening for write events. */
@@ -308,7 +308,7 @@
if (event_del(conn->write_event))
log_fn(LOG_WARN, "Error from libevent setting write event state for %d to unwatched.",
- (int)conn->s);
+ conn->s);
}
@@ -319,7 +319,7 @@
if (event_add(conn->write_event, NULL))
log_fn(LOG_WARN, "Error from libevent setting write event state for %d to watched.",
- (int)conn->s);
+ conn->s);
}
/** Close all connections that have been scheduled to get closed */
@@ -442,7 +442,8 @@
}
if (connection_wants_to_flush(conn)) {
log_fn(LOG_NOTICE,"Conn (addr %s, fd %d, type %s, state %d) is being closed, but there are still %d bytes we can't write. (Marked at %s:%d)",
- conn->address, conn->s, conn_type_to_string(conn->type), conn->state,
+ safe_str(conn->address), conn->s, conn_type_to_string(conn->type),
+ conn->state,
(int)buf_datalen(conn->outbuf), conn->marked_for_close_file,
conn->marked_for_close);
}
@@ -466,7 +467,7 @@
while ((conn = connection_get_by_type_state(CONN_TYPE_AP,
AP_CONN_STATE_CIRCUIT_WAIT))) {
log_fn(LOG_NOTICE,"Network down? Failing connection to '%s:%d'.",
- conn->socks_request->address, conn->socks_request->port);
+ safe_str(conn->socks_request->address), conn->socks_request->port);
connection_mark_unattached_ap(conn, END_STREAM_REASON_NET_UNREACHABLE);
}
}
@@ -553,7 +554,8 @@
if (conn->type == CONN_TYPE_DIR &&
!conn->marked_for_close &&
conn->timestamp_lastwritten + 5*60 < now) {
- log_fn(LOG_INFO,"Expiring wedged directory conn (fd %d, purpose %d)", conn->s, conn->purpose);
+ log_fn(LOG_INFO,"Expiring wedged directory conn (fd %d, purpose %d)",
+ conn->s, conn->purpose);
connection_mark_for_close(conn);
return;
}
@@ -1066,7 +1068,7 @@
i, conn->s, conn->type, conn_type_to_string(conn->type),
conn->state, conn_state_to_string(conn->type, conn->state), (int)(now - conn->timestamp_created));
if (!connection_is_listener(conn)) {
- log(severity,"Conn %d is to '%s:%d'.",i,conn->address, conn->port);
+ log(severity,"Conn %d is to '%s:%d'.",i,safe_str(conn->address), conn->port);
log(severity,"Conn %d: %d bytes waiting on inbuf (last read %d secs ago)",i,
(int)buf_datalen(conn->inbuf),
(int)(now - conn->timestamp_lastread));
Index: or.h
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/or.h,v
retrieving revision 1.602
retrieving revision 1.603
diff -u -d -r1.602 -r1.603
--- or.h 3 May 2005 03:51:20 -0000 1.602
+++ or.h 3 May 2005 10:04:08 -0000 1.603
@@ -1093,6 +1093,8 @@
* to cope? (1) */
int ShutdownWaitLength; /**< When we get a SIGINT and we're a server, how
* long do we wait before exiting? */
+ int SafeLogging; /**< Boolean: are we allowed to log sensitive strings
+ * such as addresses (0), or do we scrub them first (1)? */
} or_options_t;
#define MAX_SOCKS_REPLY_LEN 1024
@@ -1242,6 +1244,7 @@
void set_options(or_options_t *new_val);
int options_act(void);
void config_free_all(void);
+const char *safe_str(const char *address);
int config_get_lines(char *string, struct config_line_t **result);
void config_free_lines(struct config_line_t *front);
Index: relay.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/relay.c,v
retrieving revision 1.66
retrieving revision 1.67
diff -u -d -r1.66 -r1.67
--- relay.c 2 May 2005 22:35:18 -0000 1.66
+++ relay.c 3 May 2005 10:04:08 -0000 1.67
@@ -607,7 +607,7 @@
return -1;
}
log_fn(LOG_INFO,"Address '%s' refused due to '%s'. Considering retrying.",
- conn->socks_request->address,
+ safe_str(conn->socks_request->address),
connection_edge_end_reason_str(reason));
exitrouter = router_get_by_digest(circ->build_state->chosen_exit_digest);
if (!exitrouter) {
@@ -620,7 +620,7 @@
uint32_t addr = ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+1));
if (!addr) {
log_fn(LOG_INFO,"Address '%s' resolved to 0.0.0.0. Closing,",
- conn->socks_request->address);
+ safe_str(conn->socks_request->address));
connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
return 0;
}
@@ -654,7 +654,7 @@
/* else, conn will get closed below */
} else {
log_fn(LOG_NOTICE,"Have tried resolving address '%s' at %d different places. Giving up.",
- conn->socks_request->address, MAX_RESOLVE_FAILURES);
+ safe_str(conn->socks_request->address), MAX_RESOLVE_FAILURES);
}
break;
case END_STREAM_REASON_HIBERNATING:
Index: rendclient.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/rendclient.c,v
retrieving revision 1.85
retrieving revision 1.86
diff -u -d -r1.85 -r1.86
--- rendclient.c 2 May 2005 22:35:18 -0000 1.85
+++ rendclient.c 3 May 2005 10:04:08 -0000 1.86
@@ -67,7 +67,7 @@
if (rend_cache_lookup_entry(introcirc->rend_query, &entry) < 1) {
log_fn(LOG_WARN,"query '%s' didn't have valid rend desc in cache. Failing.",
- introcirc->rend_query);
+ safe_str(introcirc->rend_query));
goto err;
}
@@ -216,16 +216,17 @@
nickname = rend_client_get_random_intro(circ->rend_query);
tor_assert(nickname);
log_fn(LOG_INFO,"Got nack for %s from %s, extending to %s.",
- circ->rend_query, circ->build_state->chosen_exit_name, nickname);
+ safe_str(circ->rend_query),
+ circ->build_state->chosen_exit_name, nickname);
if (!(r = router_get_by_nickname(nickname))) {
log_fn(LOG_WARN, "Advertised intro point '%s' for %s is not known. Closing.",
- nickname, circ->rend_query);
+ nickname, safe_str(circ->rend_query));
tor_free(nickname);
circuit_mark_for_close(circ);
return -1;
}
log_fn(LOG_INFO, "Chose new intro point %s for %s (circ %d)",
- nickname, circ->rend_query, circ->n_circ_id);
+ nickname, safe_str(circ->rend_query), circ->n_circ_id);
tor_free(nickname);
return circuit_extend_to_new_exit(circ, r);
}
@@ -241,7 +242,7 @@
rend_client_refetch_renddesc(const char *query)
{
if (connection_get_by_type_state_rendquery(CONN_TYPE_DIR, 0, query)) {
- log_fn(LOG_INFO,"Would fetch a new renddesc here (for %s), but one is already in progress.", query);
+ log_fn(LOG_INFO,"Would fetch a new renddesc here (for %s), but one is already in progress.", safe_str(query));
} else {
/* not one already; initiate a dir rend desc lookup */
directory_get_from_dirserver(DIR_PURPOSE_FETCH_RENDDESC, query, 1);
@@ -263,11 +264,12 @@
r = rend_cache_lookup_entry(query, &ent);
if (r<0) {
- log_fn(LOG_WARN, "Malformed service ID '%s'", query);
+ log_fn(LOG_WARN, "Malformed service ID '%s'", safe_str(query));
return -1;
}
if (r==0) {
- log_fn(LOG_INFO, "Unknown service %s. Re-fetching descriptor.", query);
+ log_fn(LOG_INFO, "Unknown service %s. Re-fetching descriptor.",
+ safe_str(query));
rend_client_refetch_renddesc(query);
return 0;
}
@@ -282,7 +284,8 @@
}
if (!ent->parsed->n_intro_points) {
- log_fn(LOG_INFO,"No more intro points remain for %s. Re-fetching descriptor.", query);
+ log_fn(LOG_INFO,"No more intro points remain for %s. Re-fetching descriptor.",
+ safe_str(query));
rend_client_refetch_renddesc(query);
/* move all pending streams back to renddesc_wait */
@@ -293,7 +296,8 @@
return 0;
}
- log_fn(LOG_INFO,"%d options left for %s.", ent->parsed->n_intro_points, query);
+ log_fn(LOG_INFO,"%d options left for %s.",
+ ent->parsed->n_intro_points, safe_str(query));
return 1;
}
@@ -406,7 +410,7 @@
}
tor_assert(conn->state != AP_CONN_STATE_RENDDESC_WAIT); /* avoid loop */
} else { /* 404, or fetch didn't get that far */
- log_fn(LOG_NOTICE,"Closing stream for '%s.onion': hidden service is unavailable (try again later).", query);
+ log_fn(LOG_NOTICE,"Closing stream for '%s.onion': hidden service is unavailable (try again later).", safe_str(query));
connection_mark_unattached_ap(conn, END_STREAM_REASON_TIMEOUT);
}
}
@@ -423,7 +427,8 @@
rend_cache_entry_t *entry;
if (rend_cache_lookup_entry(query, &entry) < 1) {
- log_fn(LOG_WARN,"query '%s' didn't have valid rend desc in cache. Failing.", query);
+ log_fn(LOG_WARN,"query '%s' didn't have valid rend desc in cache. Failing.",
+ safe_str(query));
return NULL;
}
Index: rendcommon.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/rendcommon.c,v
retrieving revision 1.46
retrieving revision 1.47
diff -u -d -r1.46 -r1.47
--- rendcommon.c 3 Apr 2005 05:36:23 -0000 1.46
+++ rendcommon.c 3 May 2005 10:04:08 -0000 1.47
@@ -280,23 +280,24 @@
}
now = time(NULL);
if (parsed->timestamp < now-REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) {
- log_fn(LOG_WARN,"Service descriptor %s is too old", query);
+ log_fn(LOG_WARN,"Service descriptor %s is too old", safe_str(query));
rend_service_descriptor_free(parsed);
return -1;
}
if (parsed->timestamp > now+REND_CACHE_MAX_SKEW) {
- log_fn(LOG_WARN,"Service descriptor %s is too far in the future", query);
+ log_fn(LOG_WARN,"Service descriptor %s is too far in the future",
+ safe_str(query));
rend_service_descriptor_free(parsed);
return -1;
}
e = (rend_cache_entry_t*) strmap_get_lc(rend_cache, query);
if (e && e->parsed->timestamp > parsed->timestamp) {
- log_fn(LOG_INFO,"We already have a newer service descriptor %s with the same ID", query);
+ log_fn(LOG_INFO,"We already have a newer service descriptor %s with the same ID", safe_str(query));
rend_service_descriptor_free(parsed);
return 0;
}
if (e && e->len == desc_len && !memcmp(desc,e->desc,desc_len)) {
- log_fn(LOG_INFO,"We already have this service descriptor %s", query);
+ log_fn(LOG_INFO,"We already have this service descriptor %s", safe_str(query));
e->received = time(NULL);
rend_service_descriptor_free(parsed);
return 0;
@@ -314,7 +315,8 @@
e->desc = tor_malloc(desc_len);
memcpy(e->desc, desc, desc_len);
- log_fn(LOG_INFO,"Successfully stored rend desc '%s', len %d", query, (int)desc_len);
+ log_fn(LOG_INFO,"Successfully stored rend desc '%s', len %d",
+ safe_str(query), (int)desc_len);
return 1;
}
Index: rendmid.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/rendmid.c,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -d -r1.36 -r1.37
--- rendmid.c 1 Apr 2005 20:15:55 -0000 1.36
+++ rendmid.c 3 May 2005 10:04:08 -0000 1.37
@@ -77,7 +77,7 @@
while ((c = circuit_get_next_by_pk_and_purpose(
c,pk_digest,CIRCUIT_PURPOSE_INTRO_POINT))) {
log_fn(LOG_INFO, "Replacing old circuit %d for service %s",
- c->p_circ_id, serviceid);
+ c->p_circ_id, safe_str(serviceid));
circuit_mark_for_close(c);
}
@@ -95,7 +95,7 @@
log_fn(LOG_INFO,
"Established introduction point on circuit %d for service %s",
- circ->p_circ_id, serviceid);
+ circ->p_circ_id, safe_str(serviceid));
return 0;
truncated:
@@ -140,13 +140,13 @@
if (!intro_circ) {
log_fn(LOG_WARN,
"No intro circ found for INTRODUCE1 cell (%s) from circuit %d; responding with nack",
- serviceid, circ->p_circ_id);
+ safe_str(serviceid), circ->p_circ_id);
goto err;
}
log_fn(LOG_INFO,
"Sending introduction request for service %s from circ %d to circ %d",
- serviceid, circ->p_circ_id, intro_circ->p_circ_id);
+ safe_str(serviceid), circ->p_circ_id, intro_circ->p_circ_id);
/* Great. Now we just relay the cell down the circuit. */
if (connection_edge_send_command(NULL, intro_circ,
Index: router.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/router.c,v
retrieving revision 1.169
retrieving revision 1.170
diff -u -d -r1.169 -r1.170
--- router.c 2 May 2005 21:22:31 -0000 1.169
+++ router.c 3 May 2005 10:04:08 -0000 1.170
@@ -616,7 +616,6 @@
return router_compare_addr_to_addr_policy(conn->addr, conn->port,
desc_routerinfo->exit_policy) != ADDR_POLICY_ACCEPTED;
-
}
/** Return true iff <b>router</b> has the same nickname as this OR. (For an