[tor-bugs] #23490 [Core Tor/Tor]: Fix TROVE-2017-008: Stack disclosure in hidden services logs when SafeLogging disabled (was: Fix TROVE-2017-008)

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Sep 18 13:37:31 UTC 2017

#23490: Fix TROVE-2017-008: Stack disclosure in hidden services logs when
SafeLogging disabled
 Reporter:  nickm                         |          Owner:  nickm
     Type:  defect                        |         Status:  accepted
 Priority:  High                          |      Milestone:  Tor:
                                          |  0.3.1.x-final
Component:  Core Tor/Tor                  |        Version:  Tor:
 Severity:  Normal                        |     Resolution:
 Keywords:  trove-2017-008 CVE-2017-0380  |  Actual Points:
Parent ID:                                |         Points:
 Reviewer:                                |        Sponsor:
Changes (by nickm):

 * keywords:   => trove-2017-008 CVE-2017-0380
 * version:   => Tor:

Old description:

New description:

 [TROVE-2017-008.  CVE-2017-0380. Severity: medium]


   We have found a possible problem with the code that reports an error
   during the construction of an introduction point circuit.  Because
   of this bug, it is possible that some hidden services will sometimes
   write sensitive information into their logs.

   This bug can only happen when the SafeLogging option is disabled,
   and SafeLogging is enabled by default.  If you have not disabled
   SafeLogging, then you should be fine.

   We are tracking this bug as TROVE-2017-008 and as ticket #23490. It
   is also CVE-2017-0380.


    1. If you are not running a hidden service, then you don't need
       to do anything.  This bug does not affect you.

    2. If you are running 0.2.5.x, this bug does not affect you: it
       first appeared in  Other bugs do affect you,
       though: 0.2.5.x is pretty old!

       (If you are running 0.2.4, or 0.2.6, or 0.2.7, you should just
       upgrade. We aren't supporting those releases.)

    3. Make sure that you did not change the value of the SafeLogging
       option in your configuration -- or if you did, that you set it
       to "1".  SafeLogging needs to be turned to "0" or "relay" for
       this bug to occur.

    4. If you did disable SafeLogging, re-enable it: Set it to 1, and
       use a HUP signal to tell Tor to reload its configuration.

    5. If you did disable SafeLogging, you should delete any old logs
       that were generated with SafeLogging disabled.

       (You should be regularly removing old logs anyway, as a best
       security practice.)


     We found this when we re-added scan-build's dead assignment
     checker into the checkers that we run on Tor.  Obviously, it's
     time to make sure that scan-build gets run more frequently.


     There are patches for this issue linked from ticket #23490 on
     our bugtracker.

     I will be putting out updated releases today.  This bug will be
     fixed in,,,, and


Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23490#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list