[tor-bugs] #26892 [Core Tor/Tor]: log_addr_has_changed() does not heed SafeLogging

[Tor Bug Tracker & Wiki]

#26892: log_addr_has_changed() does not heed SafeLogging
--------------------------+------------------------------------
 Reporter:  rl1987        |          Owner:  (none)
     Type:  defect        |         Status:  needs_revision
 Priority:  Medium        |      Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:  tor-log       |  Actual Points:
Parent ID:                |         Points:
 Reviewer:  teor          |        Sponsor:
--------------------------+------------------------------------
Changes (by teor):

 * status:  needs_review => needs_revision


Comment:

 log_addr_has_changed() is only called in server_mode():
 * router_new_address_suggestion() returns early if !server_mode()
 * router_new_address_suggestion() returns early if
 !router_get_my_routerinfo()

 Relay addresses are public, so there isn't any point scrubbing them from
 logs.

 Bridge addresses are not public, but the diagnostic value of the logs
 probably outweighs the occasional risk that operators copy unscrubbed
 addresses into tickets.

 I would take a patch to log_addr_has_changed() that exits early on clients
 as a precaution:
 {{{
   if (!server_mode(options)) {
     return;
   }
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26892#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online