[tor-commits] [meek/master] Don't show error text that may contain public IPs.

dcf at torproject.org dcf at torproject.org
Mon Sep 29 17:30:59 UTC 2014 

commit 05f244a5bfa137da662a8296a34f13e58aa23137
Author: David Fifield <david at bamsoftware.com>
Date:   Mon Sep 29 10:18:36 2014 -0700

    Don't show error text that may contain public IPs.
    
    The error messages looked like these:
    
    2014/09/28 22:33:46 copying body to ORPort: write tcp 127.0.0.1:YYYY: connection reset by peer
    2014/09/29 01:53:17 copying body to ORPort: read tcp X.X.X.X:YYYY: i/o timeout
    2014/09/29 03:27:00 writing to response: write tcp X.X.X.X:YYYY: broken pipe
    2014/09/29 06:39:53 writing to response: write tcp X.X.X.X:YYYY: i/o timeout
    
    I don't know how to keep the e.g. "connection reset by peer" part
    without keeping the IP, so just leave the whole thing off. The "copying
    body to ORPort" message in the "write tcp" case message only has a
    localhost IP, but treat it the same way.
    
    The "reading from ORPort" error only ever has a localhost IP, so I'm
    leaving it in.
---
 meek-server/meek-server.go |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/meek-server/meek-server.go b/meek-server/meek-server.go
index 44abbb0..81a1757 100644
--- a/meek-server/meek-server.go
+++ b/meek-server/meek-server.go
@@ -150,7 +150,8 @@ func transact(session *Session, w http.ResponseWriter, req *http.Request) error
 	body := http.MaxBytesReader(w, req.Body, maxPayloadLength+1)
 	_, err := io.Copy(session.Or, body)
 	if err != nil {
-		return fmt.Errorf("copying body to ORPort: %s", err)
+		// Omit err because it contains an IP address.
+		return fmt.Errorf("error copying body to ORPort")
 	}
 
 	buf := make([]byte, maxPayloadLength)
@@ -167,7 +168,8 @@ func transact(session *Session, w http.ResponseWriter, req *http.Request) error
 	w.Header().Set("Content-Type", "application/octet-stream")
 	n, err = w.Write(buf[:n])
 	if err != nil {
-		return fmt.Errorf("writing to response: %s", err)
+		// Omit err because it contains an IP address.
+		return fmt.Errorf("error writing to response")
 	}
 	// log.Printf("wrote %d bytes to response", n)
 	return nil

More information about the tor-commits mailing list