[or-cvs] r9521: Backport fix for bug 382. (in tor/branches/tor-0_1_1-patches: . src/or)

nickm at seul.org nickm at seul.org
Thu Feb 8 07:23:51 UTC 2007


Author: nickm
Date: 2007-02-08 02:23:50 -0500 (Thu, 08 Feb 2007)
New Revision: 9521

Modified:
   tor/branches/tor-0_1_1-patches/
   tor/branches/tor-0_1_1-patches/ChangeLog
   tor/branches/tor-0_1_1-patches/src/or/connection_or.c
Log:
 r11282 at catbus:  nickm | 2007-01-23 14:55:25 -0500
 Backport fix for bug 382.



Property changes on: tor/branches/tor-0_1_1-patches
___________________________________________________________________
 svk:merge ticket from /tor/011 [r11282] on 8246c3cf-6607-4228-993b-4d95d33730f1

Modified: tor/branches/tor-0_1_1-patches/ChangeLog
===================================================================
--- tor/branches/tor-0_1_1-patches/ChangeLog	2007-02-08 05:38:17 UTC (rev 9520)
+++ tor/branches/tor-0_1_1-patches/ChangeLog	2007-02-08 07:23:50 UTC (rev 9521)
@@ -4,6 +4,8 @@
       from enough authorities.  This delays the first download slightly under
       pathological circumstances, but can prevent us from downloading a bunch
       of descriptors we don't need.
+    - Do not log IPs with TLS failures for incoming TLS connections.  (Fixes
+      bug 382.)
 
 
 Changes in version 0.1.1.26 - 2006-12-14

Modified: tor/branches/tor-0_1_1-patches/src/or/connection_or.c
===================================================================
--- tor/branches/tor-0_1_1-patches/src/or/connection_or.c	2007-02-08 05:38:17 UTC (rev 9520)
+++ tor/branches/tor-0_1_1-patches/src/or/connection_or.c	2007-02-08 07:23:50 UTC (rev 9521)
@@ -582,11 +582,13 @@
   char nickname[MAX_NICKNAME_LEN+1];
   or_options_t *options = get_options();
   int severity = server_mode(options) ? LOG_PROTOCOL_WARN : LOG_WARN;
+  const char *safe_address = connection_or_nonopen_was_started_here(conn) ?
+    conn->address : safe_str(conn->address);
 
   check_no_tls_errors();
   if (! tor_tls_peer_has_cert(conn->tls)) {
     log_info(LD_PROTOCOL,"Peer (%s:%d) didn't send a cert! Closing.",
-             conn->address, conn->port);
+             safe_address, conn->port);
     return -1;
   }
   check_no_tls_errors();
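Review bot: The new `safe_address` declaration has no comment explaining why the address is scrubbed only when `connection_or_nonopen_was_started_here(conn)` is false, so the privacy rule is recorded only in the ChangeLog entry. I would add a comment above it such as `/* Bug 382: never log the IP of an incoming TLS peer; only addresses we connected to ourselves are logged as-is. */`. It would also help to state there that every log call in this function must use `safe_address` rather than `conn->address`, since a later edit could easily reintroduce the raw field. Whether `safe_str()` scrubs unconditionally or depends on a configuration option is not visible here and is worth noting in the same comment. The enclosing function starts and ends outside this hunk.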
@@ -594,17 +596,17 @@
                                      sizeof(nickname))) {
     log_fn(severity,LD_PROTOCOL,"Other side (%s:%d) has a cert without a "
            "valid nickname. Closing.",
-           conn->address, conn->port);
+           safe_address, conn->port);
     return -1;
   }
   check_no_tls_errors();
   log_debug(LD_OR, "Other side (%s:%d) claims to be router '%s'",
-            conn->address, conn->port, nickname);
+            safe_address, conn->port, nickname);
 
   if (tor_tls_verify(severity, conn->tls, &identity_rcvd) < 0) {
     log_fn(severity,LD_OR,"Other side, which claims to be router '%s' (%s:%d),"
            " has a cert but it's invalid. Closing.",
-           nickname, conn->address, conn->port);
+           nickname, safe_address, conn->port);
     return -1;
   }
   check_no_tls_errors();
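Review bot: `conn->port` is still printed next to `safe_address` in each of these messages, here and in the hunks at -582 and -625, so the log line for an incoming connection keeps the peer's port even when the address is scrubbed. If that field holds the remote source port for accepted connections (not shown in this diff, so confirm), it is a weak identifier that can still be matched against external connection records by timestamp. Consider logging the port only when the address is unscrubbed, or document why it is acceptable to keep it.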
@@ -625,7 +627,7 @@
     log_fn(severity, LD_OR,
            "Identity key not as expected for router claiming to be "
            "'%s' (%s:%d)",
-           nickname, conn->address, conn->port);
+           nickname, safe_address, conn->port);
     return -1;
   }
 


