[tor-commits] [tor/main] hs-v2: Only log once the connection warning to v2

dgoulet at torproject.org dgoulet at torproject.org
Wed Oct 6 17:27:40 UTC 2021 

commit f0d1240a07c60b3a01d730d9379bdbe72d41b552
Author: David Goulet <dgoulet at torproject.org>
Date:   Mon Oct 4 14:38:50 2021 -0400

    hs-v2: Only log once the connection warning to v2
    
    Closes #40474
    
    Signed-off-by: David Goulet <dgoulet at torproject.org>
---
 changes/ticket40474           |  5 +++++
 src/core/or/connection_edge.c | 16 ++++++++++------
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/changes/ticket40474 b/changes/ticket40474
new file mode 100644
index 0000000000..d2a7231106
--- /dev/null
+++ b/changes/ticket40474
@@ -0,0 +1,5 @@
+  o Minor bugfixes (onion service, TROVE-2021-008):
+    - Only log once any v2 access attempts in order to not pollute the logs
+      with warnings and avoid recording the times on disk when v2 access was
+      attempted. Important to note that the onion address was _never_ logged.
+      That is a Low security issue. Fixes bug 40474; bugfix on 0.4.5.8.
diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index 7f260ba185..82e8ead5e0 100644
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -2584,12 +2584,16 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
     tor_assert(!automap);
 
     if (addresstype == ONION_V2_HOSTNAME) {
-      log_warn(LD_PROTOCOL,
-               "Warning! You've just connected to a v2 onion address. These "
-               "addresses are deprecated for security reasons, and are no "
-               "longer supported in Tor. Please encourage the site operator "
-               "to upgrade. For more information see "
-               "https://blog.torproject.org/v2-deprecation-timeline");
+      static bool log_once = false;
+      if (!log_once) {
+        log_warn(LD_PROTOCOL,
+                 "Warning! You've just connected to a v2 onion address. These "
+                 "addresses are deprecated for security reasons, and are no "
+                 "longer supported in Tor. Please encourage the site operator "
+                 "to upgrade. For more information see "
+                 "https://blog.torproject.org/v2-deprecation-timeline");
+        log_once = true;
+      }
     }
 
     return connection_ap_handle_onion(conn, socks, circ, addresstype);

More information about the tor-commits mailing list