[tor-dev] [PATCH] Log malformed hostnames in socks5 request respecting SafeLogging

teor teor2345 at gmail.com
Tue Aug 25 13:19:42 UTC 2015


> On 25 Aug 2015, at 21:25, Andreas Stieger <astieger at suse.com> wrote:
> 
> Hello,
> 
>> On 08/25/2015 08:16 AM, teor wrote:
>> On 24 Aug 2015, at 09:12, Andreas Stieger <astieger at suse.com> wrote:
>>> I found a warning-level message in socks5 code relating to malformed
>>> hostnames that did not respect the SafeLogging setting, breaking the
>>> rule of least surprise. Please review the attached simple patch.
>> 
>> Thank you for submitting this patch - is there a corresponding Trac ticket?
>> (Patches without Trac tickets can get lost easily.)
> 
> I created #16891 and attached the patch.
> https://trac.torproject.org/projects/tor/ticket/16891

Thanks, Andreas. I have reviewed your patch and tagged it with the keywords PostFreeze027 (so it gets merged before / during the 0.2.7 freeze) and TorCoreTeam201508 (so it's included in this month's work).

I have also filed #16894 to do a review of similar logging issues elsewhere in the Tor codebase.

If anyone wants to help review the places where Tor logs externally-provided strings, and particularly where it logs sensitive client information, please add your findings to the ticket.

https://trac.torproject.org/projects/tor/ticket/16894

Thanks again,

Tim (teor)

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
pgp 0xABFED1AC
https://gist.github.com/teor2345/d033b8ce0a99adbc89c5

teor at blah dot im
OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7