> On 25 Aug 2015, at 21:25, Andreas Stieger <[email protected]> wrote:
>
> Hello,
>
>> On 08/25/2015 08:16 AM, teor wrote:
>> On 24 Aug 2015, at 09:12, Andreas Stieger <[email protected]
>> <mailto:[email protected]>> wrote:
>>> I found a warning-level message in socks5 code relating to malformed
>>> hostnames that did not respect the SafeLogging setting, breaking the
>>> rule of least surprise. Please review the attached simple patch.
>>
>> Thank you for submitting this patch - is there a corresponding Trac ticket?
>> (Patches without Trac tickets can get lost easily.)
>
> I created #16891 and attached the patch.
> https://trac.torproject.org/projects/tor/ticket/16891
Thanks, Andreas, I have reviewed your patch, and tagged it with the keywords
PostFreeze027 (so it gets merged before / during the 0.2.7 freeze) and
TorCoreTeam201508 (so it's included in this month's work).
I have also filed #16894 to do a review of similar logging issues elsewhere in
the Tor codebase.
If anyone wants to help review the places where Tor logs externally-provided
strings, and particularly logging sensitive client information, please add your
findings to the ticket.
https://trac.torproject.org/projects/tor/ticket/16894
Thanks again,
Tim (teor)
Tim Wilson-Brown (teor)
teor2345 at gmail dot com
pgp 0xABFED1AC
https://gist.github.com/teor2345/d033b8ce0a99adbc89c5
teor at blah dot im
OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7
_______________________________________________
tor-dev mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
