diff options
| author | Nick Mathewson <nickm@torproject.org> | 2018-11-15 16:37:02 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2018-11-15 16:37:02 -0500 |
| commit | 34e4d5a78362b3f133958740a18d0ee06ae4fdad (patch) | |
| tree | a6354a232ee6be39fc8c12eb1c5581ec944de093 | |
| parent | db3acb3aa398bda46435d94427967410da173222 (diff) | |
| parent | 18085abfcc3d13c53752764ea87a21201831bc6b (diff) | |
| download | tor-34e4d5a78362b3f133958740a18d0ee06ae4fdad.tar.gz tor-34e4d5a78362b3f133958740a18d0ee06ae4fdad.zip | |
Merge remote-tracking branch 'dgoulet/bug27550_033_01' into maint-0.3.3
| -rw-r--r-- | changes/ticket27550 | 5 | ||||
| -rw-r--r-- | src/or/directory.c | 2 | ||||
| -rw-r--r-- | src/or/hs_client.c | 4 | ||||
| -rw-r--r-- | src/or/hs_descriptor.c | 9 |
4 files changed, 12 insertions, 8 deletions
diff --git a/changes/ticket27550 b/changes/ticket27550 new file mode 100644 index 0000000000..87f9b5cbe9 --- /dev/null +++ b/changes/ticket27550 @@ -0,0 +1,5 @@ + o Minor bugfixes (hidden service v3): + - Don't warn so loudly when tor is unable to decode a descriptor. This can + now happen as a normal use case if a client gets a descriptor with + client authorization but the client is not authorized. Fixes bug 27550; + bugfix on 0.3.5.1-alpha. diff --git a/src/or/directory.c b/src/or/directory.c index 8636f68410..ddb86cd9a4 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -3091,7 +3091,7 @@ handle_response_fetch_hsdesc_v3(dir_connection_t *conn, case 200: /* We got something: Try storing it in the cache. */ if (hs_cache_store_as_client(body, &conn->hs_ident->identity_pk) < 0) { - log_warn(LD_REND, "Failed to store hidden service descriptor"); + log_info(LD_REND, "Failed to store hidden service descriptor"); /* Fire control port FAILED event. */ hs_control_desc_event_failed(conn->hs_ident, conn->identity_digest, "BAD_DESC"); diff --git a/src/or/hs_client.c b/src/or/hs_client.c index 0cfdec1907..77cbc11a89 100644 --- a/src/or/hs_client.c +++ b/src/or/hs_client.c @@ -1225,10 +1225,6 @@ hs_client_decode_descriptor(const char *desc_str, ret = hs_desc_decode_descriptor(desc_str, subcredential, desc); memwipe(subcredential, 0, sizeof(subcredential)); if (ret < 0) { - log_warn(LD_GENERAL, "Could not parse received descriptor as client."); - if (get_options()->SafeLogging_ == SAFELOG_SCRUB_NONE) { - log_warn(LD_GENERAL, "%s", escaped(desc_str)); - } goto err; } diff --git a/src/or/hs_descriptor.c b/src/or/hs_descriptor.c index 0298c37322..32278ec9f2 100644 --- a/src/or/hs_descriptor.c +++ b/src/or/hs_descriptor.c @@ -1361,7 +1361,7 @@ decrypt_desc_layer,(const hs_descriptor_t *desc, * This is a critical check that is making sure the computed MAC matches the * one in the descriptor. */ if (!tor_memeq(our_mac, desc_mac, sizeof(our_mac))) { - log_warn(LD_REND, "Encrypted service descriptor MAC check failed"); + log_info(LD_REND, "Encrypted service descriptor MAC check failed"); goto err; } @@ -1544,7 +1544,6 @@ desc_decrypt_all(const hs_descriptor_t *desc, char **decrypted_out) superencrypted_len, &encrypted_blob); if (!encrypted_len) { - log_warn(LD_REND, "Decrypting encrypted desc failed."); goto err; } tor_assert(encrypted_blob); @@ -2046,7 +2045,11 @@ desc_decode_encrypted_v3(const hs_descriptor_t *desc, * in the descriptor as a blob of bytes. */ message_len = desc_decrypt_all(desc, &message); if (!message_len) { - log_warn(LD_REND, "Service descriptor decryption failed."); + /* Inform at notice level that the onion address requested can't be + * reached without client authorization most likely. */ + log_notice(LD_REND, "Fail to decrypt descriptor for requested onion " + "address. It is likely requiring client " + "authorization."); goto err; } tor_assert(message); |