<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div apple-content-edited="true"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="font-family: UICTFontTextStyleBody; font-size: 19px; -webkit-text-size-adjust: auto;"><br></div></div></div></div></div></div></div></div></div><div>On 25 Aug 2015, at 21:25, Andreas Stieger <<a href="mailto:astieger@suse.com">astieger@suse.com</a>> wrote:<br><br></div><blockquote type="cite"><div><span>Hello,</span><br><span></span><br><span>On 08/25/2015 08:16 AM, teor wrote:</span><br><blockquote type="cite"><span>On 24 Aug 2015, at 09:12, Andreas Stieger <<a href="mailto:astieger@suse.com">astieger@suse.com</a></span><br></blockquote><blockquote type="cite"><span><<a href="mailto:astieger@suse.com">mailto:astieger@suse.com</a>>> wrote:</span><br></blockquote><blockquote type="cite"><blockquote type="cite"><span>I found a warning-level message in socks5 code relating to malformed</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>hostnames that did not respect the SafeLogging setting, breaking the</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>rule of least surprise. Please review the attached simple patch.</span><br></blockquote></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>Thank you for submitting this patch - is there a corresponding Trac ticket?</span><br></blockquote><blockquote type="cite"><span>(Patches without Trac tickets can get lost easily.)</span><br></blockquote><span></span><br><span>I created #16891 and attached the patch.</span><br><span><a href="https://trac.torproject.org/projects/tor/ticket/16891">https://trac.torproject.org/projects/tor/ticket/16891</a></span><br></div></blockquote><br><div>Thanks, Andreas, I have reviewed your patch, and tagged it with the keywords PostFreeze027 (so it gets merged before / during the 0.2.7 freeze) and TorCoreTeam201508 (so it's included in this month's work).</div><div><br></div><div>I have also filed #16894 to do a review of similar logging issues elsewhere in the Tor codebase.</div><div><br></div><div>If anyone wants to help review the places where Tor logs externally-provided strings, and particularly logging sensitive client information, please add your findings to the ticket.</div><div><br></div><div><a href="https://trac.torproject.org/projects/tor/ticket/16894">https://trac.torproject.org/projects/tor/ticket/16894</a></div><div><br></div><div>Thanks again,</div><div><br></div><div>Tim (teor)</div><div><span style="background-color: rgba(255, 255, 255, 0);"><br></span><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div apple-content-edited="true"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><span style="background-color: rgba(255, 255, 255, 0);">Tim Wilson-Brown (teor)</span></div><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><span style="background-color: rgba(255, 255, 255, 0);"><br></span></div><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><span style="background-color: rgba(255, 255, 255, 0);">teor2345 at gmail dot com<br>pgp 0xABFED1AC<br><a href="https://gist.github.com/teor2345/d033b8ce0a99adbc89c5">https://gist.github.com/teor2345/d033b8ce0a99adbc89c5</a><br><br>teor at blah dot im<br>OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7</span></div></div></div></div></div></div></div></div></div></body></html>