Hello, I found a warning-level message in socks5 code relating to malformed hostnames that did not respect the SafeLogging setting, breaking the rule of least surprise. Please review the attached simple patch. Andreas -- Andreas Stieger <astieger@xxxxxxxx> Project Manager Security SUSE Linux GmbH, GF: Felix ImendÃrffer, Jane Smithard, Graham Norton, HRB 21284 (AG NÃrnberg)
From 4ff76af350aa7813300ed91fc1ca90d7fad68a14 Mon Sep 17 00:00:00 2001
From: Andreas Stieger <astieger@xxxxxxxx>
Date: Mon, 24 Aug 2015 01:04:44 +0200
Subject: [PATCH] Log malformed hostnames in socks5 request respecting
SafeLogging
---
changes/malformed-hostname-safe-logging | 3 +++
src/or/buffers.c | 2 +-
2 files changed, 4 insertions(+), 1 deletion(-)
create mode 100644 changes/malformed-hostname-safe-logging
diff --git a/changes/malformed-hostname-safe-logging b/changes/malformed-hostname-safe-logging
new file mode 100644
index 0000000..9300726
--- /dev/null
+++ b/changes/malformed-hostname-safe-logging
@@ -0,0 +1,3 @@
+ o Minor bugfixes:
+ - When logging malformed hostnames in socks5 requests, respect
+ SafeLogging configuration
diff --git a/src/or/buffers.c b/src/or/buffers.c
index 2d7dd93..85fcbc6 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -1842,7 +1842,7 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
log_warn(LD_PROTOCOL,
"Your application (using socks5 to port %d) gave Tor "
"a malformed hostname: %s. Rejecting the connection.",
- req->port, escaped(req->address));
+ req->port, escaped_safe_str_client(req->address));
return -1;
}
if (log_sockstype)
--
2.1.4
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev