commit f0d1240a07c60b3a01d730d9379bdbe72d41b552
parent 0dbb2f53b933cb089ed18d72717bbf10938ffa76
Author: David Goulet <dgoulet@torproject.org>
Date: Mon, 4 Oct 2021 14:38:50 -0400
hs-v2: Only log once the connection warning to v2
Closes #40474
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat:
2 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/changes/ticket40474 b/changes/ticket40474
@@ -0,0 +1,5 @@
+ o Minor bugfixes (onion service, TROVE-2021-008):
+ - Only log once any v2 access attempts in order to not pollute the logs
+ with warnings and avoid recording the times on disk when v2 access was
+ attempted. Important to note that the onion address was _never_ logged.
+ That is a Low security issue. Fixes bug 40474; bugfix on 0.4.5.8.
diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
@@ -2584,12 +2584,16 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
tor_assert(!automap);
if (addresstype == ONION_V2_HOSTNAME) {
- log_warn(LD_PROTOCOL,
- "Warning! You've just connected to a v2 onion address. These "
- "addresses are deprecated for security reasons, and are no "
- "longer supported in Tor. Please encourage the site operator "
- "to upgrade. For more information see "
- "https://blog.torproject.org/v2-deprecation-timeline");
+ static bool log_once = false;
+ if (!log_once) {
+ log_warn(LD_PROTOCOL,
+ "Warning! You've just connected to a v2 onion address. These "
+ "addresses are deprecated for security reasons, and are no "
+ "longer supported in Tor. Please encourage the site operator "
+ "to upgrade. For more information see "
+ "https://blog.torproject.org/v2-deprecation-timeline");
+ log_once = true;
+ }
}
return connection_ap_handle_onion(conn, socks, circ, addresstype);
