[tor-dev] [PATCH] Log malformed hostnames in socks5 request respecting SafeLogging
teor2345 at gmail.com
Tue Aug 25 13:19:42 UTC 2015
> On 25 Aug 2015, at 21:25, Andreas Stieger <astieger at suse.com> wrote:
>> On 08/25/2015 08:16 AM, teor wrote:
>> On 24 Aug 2015, at 09:12, Andreas Stieger <astieger at suse.com
>> <mailto:astieger at suse.com>> wrote:
>>> I found a warning-level message in socks5 code relating to malformed
>>> hostnames that did not respect the SafeLogging setting, breaking the
>>> rule of least surprise. Please review the attached simple patch.
>> Thank you for submitting this patch - is there a corresponding Trac ticket?
>> (Patches without Trac tickets can get lost easily.)
> I created #16891 and attached the patch.
Thanks, Andreas, I have reviewed your patch, and tagged it with the keywords PostFreeze027 (so it gets merged before / during the 0.2.7 freeze) and TorCoreTeam201508 (so it's included in this month's work).
I have also filed #16894 to do a review of similar logging issues elsewhere in the Tor codebase.
If anyone wants to help review the places where Tor logs externally-provided strings, and particularly logging sensitive client information, please add your findings to the ticket.
Tim Wilson-Brown (teor)
teor2345 at gmail dot com
teor at blah dot im
OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the tor-dev