diff options
author | Nick Mathewson <nickm@torproject.org> | 2014-09-09 10:22:42 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2014-09-09 10:22:42 -0400 |
commit | ad0ae89b3c872ee89f4bd6096e650d4e2c855330 (patch) | |
tree | be776c6b7829193df6324a9ff8d9e2cd3f2ac5b6 | |
parent | 2ecaa59bd794f1cba6a4ce3b82b73a8b4d27b2ab (diff) | |
parent | a3c49ca79aa28d869223773eb8e8774013f3eb77 (diff) | |
download | tor-ad0ae89b3c872ee89f4bd6096e650d4e2c855330.tar.gz tor-ad0ae89b3c872ee89f4bd6096e650d4e2c855330.zip |
Merge remote-tracking branch 'origin/maint-0.2.5'
-rw-r--r-- | changes/bug13071 | 3 | ||||
-rw-r--r-- | src/or/directory.c | 12 |
2 files changed, 10 insertions, 5 deletions
diff --git a/changes/bug13071 b/changes/bug13071 new file mode 100644 index 0000000000..8212b6c049 --- /dev/null +++ b/changes/bug13071 @@ -0,0 +1,3 @@ + o Minor bugfixes (relay): + - Escape all strings from the directory connection before logging them. + Fixes bug 13071; bugfix on 0.1.1.15. Patch from "teor". diff --git a/src/or/directory.c b/src/or/directory.c index d8492cbbec..1aaa75ccee 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -2497,7 +2497,7 @@ client_likes_consensus(networkstatus_t *v, const char *want_url) if (base16_decode(want_digest, DIGEST_LEN, d, want_len*2) < 0) { log_fn(LOG_PROTOCOL_WARN, LD_DIR, - "Failed to decode requested authority digest %s.", d); + "Failed to decode requested authority digest %s.", escaped(d)); continue; }; @@ -2557,7 +2557,7 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers, * act as if no If-Modified-Since header had been given. */ tor_free(header); } - log_debug(LD_DIRSERV,"rewritten url as '%s'.", url); + log_debug(LD_DIRSERV,"rewritten url as '%s'.", escaped(url)); url_mem = url; url_len = strlen(url); @@ -3006,7 +3006,7 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers, const char *query = url + strlen("/tor/rendezvous2/"); if (strlen(query) == REND_DESC_ID_V2_LEN_BASE32) { log_info(LD_REND, "Got a v2 rendezvous descriptor request for ID '%s'", - safe_str(query)); + safe_str(escaped(query))); switch (rend_cache_lookup_v2_desc_as_dir(query, &descp)) { case 1: /* valid */ write_http_response_header(conn, strlen(descp), 0, 0); @@ -3140,7 +3140,7 @@ directory_handle_command_post(dir_connection_t *conn, const char *headers, write_http_status_line(conn, 400, "Bad request"); return 0; } - log_debug(LD_DIRSERV,"rewritten url as '%s'.", url); + log_debug(LD_DIRSERV,"rewritten url as '%s'.", escaped(url)); /* Handle v2 rendezvous service publish request. */ if (options->HidServDirectoryV2 && @@ -3273,7 +3273,9 @@ directory_handle_command(dir_connection_t *conn) } http_set_address_origin(headers, TO_CONN(conn)); - //log_debug(LD_DIRSERV,"headers %s, body %s.", headers, body); + // we should escape headers here as well, + // but we can't call escaped() twice, as it uses the same buffer + //log_debug(LD_DIRSERV,"headers %s, body %s.", headers, escaped(body)); if (!strncasecmp(headers,"GET",3)) r = directory_handle_command_get(conn, headers, body, body_len); |