Hello,
I found a warning-level message in socks5 code relating to malformed hostnames that did not respect the SafeLogging setting, breaking the rule of least surprise. Please review the attached simple patch.
Andreas
On 24 Aug 2015, at 09:12, Andreas Stieger <astieger@suse.com> wrote:
> Hello,
> I found a warning-level message in socks5 code relating to malformed hostnames that did not respect the SafeLogging setting, breaking the rule of least surprise. Please review the attached simple patch.
Hi Andreas,
Thank you for submitting this patch - is there a corresponding Trac ticket? (Patches without Trac tickets can get lost easily.)
If there isn't a Trac ticket, feel free to log one, or I can log one for you if you'd like.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com pgp 0xABFED1AC https://gist.github.com/teor2345/d033b8ce0a99adbc89c5
teor at blah dot im OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7
Hello,
On 08/25/2015 08:16 AM, teor wrote:
> On 24 Aug 2015, at 09:12, Andreas Stieger <astieger@suse.com> wrote:
>> I found a warning-level message in socks5 code relating to malformed hostnames that did not respect the SafeLogging setting, breaking the rule of least surprise. Please review the attached simple patch.
> Thank you for submitting this patch - is there a corresponding Trac ticket? (Patches without Trac tickets can get lost easily.)
I created #16891 and attached the patch. https://trac.torproject.org/projects/tor/ticket/16891
Andreas
On 25 Aug 2015, at 21:25, Andreas Stieger <astieger@suse.com> wrote:
> Hello,
> On 08/25/2015 08:16 AM, teor wrote:
>> On 24 Aug 2015, at 09:12, Andreas Stieger <astieger@suse.com> wrote:
>>> I found a warning-level message in socks5 code relating to malformed hostnames that did not respect the SafeLogging setting, breaking the rule of least surprise. Please review the attached simple patch.
>> Thank you for submitting this patch - is there a corresponding Trac ticket? (Patches without Trac tickets can get lost easily.)
> I created #16891 and attached the patch. https://trac.torproject.org/projects/tor/ticket/16891
Thanks, Andreas, I have reviewed your patch, and tagged it with the keywords PostFreeze027 (so it gets merged before / during the 0.2.7 freeze) and TorCoreTeam201508 (so it's included in this month's work).
I have also filed #16894 to do a review of similar logging issues elsewhere in the Tor codebase.
If anyone wants to help review the places where Tor logs externally-provided strings, and particularly logging sensitive client information, please add your findings to the ticket.
https://trac.torproject.org/projects/tor/ticket/16894
Thanks again,
Tim (teor)
Tim Wilson-Brown (teor)
teor2345 at gmail dot com pgp 0xABFED1AC https://gist.github.com/teor2345/d033b8ce0a99adbc89c5
teor at blah dot im OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7
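
The pattern discussed in this thread, as an added example (it is not the attached patch and not Tor's code): a warning that includes a client-supplied hostname goes through a helper that honours a safe-logging switch and escapes bytes that could forge log lines. The names `safe_logging`, `escape_untrusted`, `scrub_client_str` and `format_bad_hostname_warning`, the message text and the sample hostname are all assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a SafeLogging-style option: 1 = scrub. */
static int safe_logging = 1;

/* Escape quotes, backslashes and anything outside printable ASCII as \xNN so an
 * externally supplied string cannot inject newlines or control bytes. */
static const char *escape_untrusted(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    if (outlen == 0) return "";
    for (; *in; in++) {
        unsigned char c = (unsigned char)*in;
        int plain = c >= 0x20 && c < 0x7f && c != '"' && c != '\\';
        size_t need = plain ? 1 : 4;
        if (o + need >= outlen) break;  /* truncate, never overflow */
        if (plain) out[o++] = (char)c;
        else { snprintf(out + o, 5, "\\x%02x", c); o += 4; }
    }
    out[o] = '\0';
    return out;
}

/* What may reach the log for a client-supplied value: a fixed
 * placeholder when scrubbing is on, the escaped value otherwise. */
static const char *scrub_client_str(const char *in, char *buf, size_t buflen)
{
    if (safe_logging) return "[scrubbed]";
    return escape_untrusted(in, buf, buflen);
}

/* Build the warning for a malformed SOCKS5 hostname (example wording). */
static int format_bad_hostname_warning(const char *host, char *line, size_t n)
{
    char buf[256];
    return snprintf(line, n, "[warn] socks5: malformed hostname \"%s\"; rejecting.",
                    scrub_client_str(host, buf, sizeof buf));
}

int main(void)
{
    const char host[] = "secret.example\r\n[notice] forged entry"; /* constructed */
    char line[512];
    format_bad_hostname_warning(host, line, sizeof line); puts(line);
    safe_logging = 0;  /* operator opted out of scrubbing: still escaped */
    format_bad_hostname_warning(host, line, sizeof line); puts(line);
    return 0;
}
```

Every log call that handles a client-supplied value has to go through the same helper; one direct `%s` of the raw string is enough to bypass the setting.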