commit 05f244a5bfa137da662a8296a34f13e58aa23137 Author: David Fifield david@bamsoftware.com Date: Mon Sep 29 10:18:36 2014 -0700
Don't show error text that may contain public IPs.
The error messages looked like these:
2014/09/28 22:33:46 copying body to ORPort: write tcp 127.0.0.1:YYYY: connection reset by peer 2014/09/29 01:53:17 copying body to ORPort: read tcp X.X.X.X:YYYY: i/o timeout 2014/09/29 03:27:00 writing to response: write tcp X.X.X.X:YYYY: broken pipe 2014/09/29 06:39:53 writing to response: write tcp X.X.X.X:YYYY: i/o timeout
I don't know how to keep the e.g. "connection reset by peer" part without keeping the IP, so just leave the whole thing off. The "copying body to ORPort" message in the "write tcp" case message only has a localhost IP, but treat it the same way.
The "reading from ORPort" error only ever has a localhost IP, so I'm leaving it in. --- meek-server/meek-server.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/meek-server/meek-server.go b/meek-server/meek-server.go index 44abbb0..81a1757 100644 --- a/meek-server/meek-server.go +++ b/meek-server/meek-server.go @@ -150,7 +150,8 @@ func transact(session *Session, w http.ResponseWriter, req *http.Request) error body := http.MaxBytesReader(w, req.Body, maxPayloadLength+1) _, err := io.Copy(session.Or, body) if err != nil { - return fmt.Errorf("copying body to ORPort: %s", err) + // Omit err because it contains an IP address. + return fmt.Errorf("error copying body to ORPort") }
buf := make([]byte, maxPayloadLength) @@ -167,7 +168,8 @@ func transact(session *Session, w http.ResponseWriter, req *http.Request) error w.Header().Set("Content-Type", "application/octet-stream") n, err = w.Write(buf[:n]) if err != nil { - return fmt.Errorf("writing to response: %s", err) + // Omit err because it contains an IP address. + return fmt.Errorf("error writing to response") } // log.Printf("wrote %d bytes to response", n) return nil
tor-commits@lists.torproject.org