commit c775689e96be101d2818722aa92393190ca3fc6d
parent 61d5bcc1a251002d726e66461ec576d9b71cebd1
Author: Nick Mathewson <nickm@torproject.org>
Date: Sat, 11 Aug 2018 10:05:15 -0400
Merge remote-tracking branch 'tor-github/pr/244'
Diffstat:
3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/changes/bug26882 b/changes/bug26882
@@ -0,0 +1,5 @@
+ o Minor bugfixes (logging, documentation):
+ - When SafeLogging is enabled, scrub IP address in
+ channel_tls_process_netinfo_cell(). Also, add a note
+ to manpage that scrubbing is not guaranteed on loglevels
+ below Notice. Fixes bug 26882; bugfix on 0.2.4.10-alpha.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
@@ -754,7 +754,9 @@ GENERAL OPTIONS
If this option is set to 0, Tor will not perform any scrubbing, if it is
set to 1, all potentially sensitive strings are replaced. If it is set to
relay, all log messages generated when acting as a relay are sanitized, but
- all messages generated when acting as a client are not. (Default: 1)
+ all messages generated when acting as a client are not.
+ Note: Tor may not heed this option when logging at log levels below Notice.
+ (Default: 1)
[[User]] **User** __Username__::
On startup, setuid to this user and setgid to their primary group.
diff --git a/src/core/or/channeltls.c b/src/core/or/channeltls.c
@@ -1837,7 +1837,8 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
(int)(chan->conn->link_proto),
hex_str(identity_digest, DIGEST_LEN),
tor_addr_is_null(&my_apparent_addr) ?
- "<none>" : fmt_and_decorate_addr(&my_apparent_addr));
+ "<none>" :
+ safe_str_client(fmt_and_decorate_addr(&my_apparent_addr)));
}
assert_connection_ok(TO_CONN(chan->conn),time(NULL));
}
