diff options
author | teor <teor@torproject.org> | 2019-11-06 11:19:25 +1000 |
---|---|---|
committer | teor <teor@torproject.org> | 2019-11-06 11:19:25 +1000 |
commit | d7f76b8c47ffd2512b9b454a2af87243e0f68993 (patch) | |
tree | a072d52d228bd9c70cd1d7b278e1c7e293b8936b | |
parent | 9343b4120001ce788d11eae0d7f41340e93f044c (diff) | |
parent | 0650bf3695ae2e118426f3f6ecf1f8a344562119 (diff) | |
download | tor-d7f76b8c47ffd2512b9b454a2af87243e0f68993.tar.gz tor-d7f76b8c47ffd2512b9b454a2af87243e0f68993.zip |
Merge branch 'maint-0.2.9' into release-0.2.9
-rw-r--r-- | changes/bug31107 | 4 | ||||
-rw-r--r-- | changes/ticket31466 | 5 | ||||
-rw-r--r-- | src/or/channeltls.c | 10 | ||||
-rw-r--r-- | src/or/connection_edge.c | 8 |
4 files changed, 23 insertions, 4 deletions
diff --git a/changes/bug31107 b/changes/bug31107 new file mode 100644 index 0000000000..9652927c30 --- /dev/null +++ b/changes/bug31107 @@ -0,0 +1,4 @@ + o Minor bugfixes (logging, protocol violations): + - Do not log a nonfatal assertion failure when receiving a VERSIONS + cell on a connection using the obsolete v1 link protocol. Log a + protocol_warn instead. Fixes bug 31107; bugfix on 0.2.4.4-alpha. diff --git a/changes/ticket31466 b/changes/ticket31466 new file mode 100644 index 0000000000..e535b4502e --- /dev/null +++ b/changes/ticket31466 @@ -0,0 +1,5 @@ + o Minor bugfixes (logging): + - Rate-limit our the logging message about the obsolete .exit notation. + Previously, there was no limit on this warning, which could potentially + be triggered many times by a hostile website. Fixes bug 31466; + bugfix on 0.2.2.1-alpha. diff --git a/src/or/channeltls.c b/src/or/channeltls.c index d44f719138..6f4e413dc6 100644 --- a/src/or/channeltls.c +++ b/src/or/channeltls.c @@ -1098,7 +1098,15 @@ channel_tls_handle_cell(cell_t *cell, or_connection_t *conn) /* do nothing */ break; case CELL_VERSIONS: - tor_fragile_assert(); + /* A VERSIONS cell should always be a variable-length cell, and + * so should never reach this function (which handles constant-sized + * cells). But if the connection is using the (obsolete) v1 link + * protocol, all cells will be treated as constant-sized, and so + * it's possible we'll reach this code. + */ + log_fn(LOG_PROTOCOL_WARN, LD_CHANNEL, + "Received unexpected VERSIONS cell on a channel using link " + "protocol %d; ignoring.", conn->link_proto); break; case CELL_NETINFO: ++stats_n_netinfo_cells_processed; diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 7a97c632d1..5638d9a1be 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -1186,9 +1186,11 @@ connection_ap_handshake_rewrite(entry_connection_t *conn, * disallowed when they're coming straight from the client, but you're * allowed to have them in MapAddress commands and so forth. */ if (!strcmpend(socks->address, ".exit") && !options->AllowDotExit) { - log_warn(LD_APP, "The \".exit\" notation is disabled in Tor due to " - "security risks. Set AllowDotExit in your torrc to enable " - "it (at your own risk)."); + static ratelim_t exit_warning_limit = RATELIM_INIT(60*15); + log_fn_ratelim(&exit_warning_limit, LOG_WARN, LD_APP, + "The \".exit\" notation is disabled in Tor due to " + "security risks. Set AllowDotExit in your torrc to enable " + "it (at your own risk)."); control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s", escaped(socks->address)); out->end_reason = END_STREAM_REASON_TORPROTOCOL; |