author | teor <teor@torproject.org> | 2019-11-06 11:16:09 +1000 |
---|---|---|
committer | teor <teor@torproject.org> | 2019-11-06 11:16:09 +1000 |
commit | 6bfdd096792194d1077a101a34859bff996c940e (patch) | |
tree | a5c8e45cc8c8c9178453bab3a98c8a48ab07660d | |
parent | 15d67842f9c1cb993491cf473478999dace7c6c2 (diff) | |
parent | bf4a27c0eae79baff7f0ed4ebe12bda5e2ba06b6 (diff) | |
Merge remote-tracking branch 'tor-github/pr/1343' into maint-0.3.5
-rw-r--r-- | changes/ticket31466 | 5 | ||||
-rw-r--r-- | src/core/or/connection_edge.c | 6 |
2 files changed, 9 insertions, 2 deletions
diff --git a/changes/ticket31466 b/changes/ticket31466
new file mode 100644
index 0000000000..e535b4502e
--- /dev/null
+++ b/changes/ticket31466
@@ -0,0 +1,5 @@
+ o Minor bugfixes (logging):
+ - Rate-limit our the logging message about the obsolete .exit notation.
+ Previously, there was no limit on this warning, which could potentially
+ be triggered many times by a hostile website. Fixes bug 31466;
+ bugfix on 0.2.2.1-alpha.
diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index 7cc67d7f5e..90991107dc 100644
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -1598,8 +1598,10 @@ connection_ap_handshake_rewrite(entry_connection_t *conn,
 * disallowed when they're coming straight from the client, but you're
 * allowed to have them in MapAddress commands and so forth. */
 if (!strcmpend(socks->address, ".exit")) {
- log_warn(LD_APP, "The \".exit\" notation is disabled in Tor due to "
- "security risks.");
+ static ratelim_t exit_warning_limit = RATELIM_INIT(60*15);
+ log_fn_ratelim(&exit_warning_limit, LOG_WARN, LD_APP,
+ "The \".exit\" notation is disabled in Tor due to "
+ "security risks.");
 control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
 escaped(socks->address));
 out->end_reason = END_STREAM_REASON_TORPROTOCOL; |
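Review bot: The new limiter in connection_ap_handshake_rewrite covers only the log line; the `control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s", ...)` call in the trailing context still runs on every rejected `.exit` request, so a page that triggers this repeatedly still produces one controller event per attempt. Whether that matters depends on how controllers consume these status events, which is not visible here. If it does, the event would need its own limiter rather than sharing `exit_warning_limit`, because it carries the per-request hostname. A short comment above the static would also document the interval and the reason, e.g. `/* Warn at most once per 15 minutes: a hostile page can trigger this at will. */`. The function body starts and ends outside the hunk.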