Opened 10 years ago

Last modified 7 years ago

#1027 closed defect (Fixed)

tor logs data that it should not

Reported by: anonyuser Owned by:
Priority: High Milestone:
Component: Core Tor/Tor Version: 0.2.0.35
Severity: Keywords:
Cc: arma, nickm Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

[warn] Invalid hostname www.abcdefghijklmnop.onion; rejecting

Onion hostnames being accessed are confidential information. Tor should never log details of what's going through it to disk by default, even on error. All data like this should be masked unless debugging is enabled explicitly. This is a major breach of reasonable expectations.

[Automatically added by flyspray2trac: Operating System: All]

Child Tickets

Change History (4)

comment:1 Changed 10 years ago by arma

Yes, we should fix this. Here's the patch:

--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -1484,7 +1484,8 @@ connection_ap_handshake_rewrite_and_attach(edge_connection

addresstype = parse_extended_hostname(socks->address);


if (addresstype == BAD_HOSTNAME) {

  • log_warn(LD_APP, "Invalid hostname %s; rejecting", socks->address);

+ log_warn(LD_APP, "Invalid onion hostname %s; rejecting",
+ safe_str(socks->address));

control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",

escaped(socks->address));

connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);

comment:2 Changed 10 years ago by nickm

Applied as 258b980

comment:3 Changed 10 years ago by nickm

flyspray2trac: bug closed.

comment:4 Changed 7 years ago by nickm

Component: Tor ClientTor
Note: See TracTickets for help on using tickets.