hs-v2: Only log once the connection warning to v2

Closes #40474 Signed-off-by: David Goulet <dgoulet@torproject.org>
2024-11-27 22:03:31 +01:00 · 2021-10-04 14:36:05 -04:00 · 2021-10-04 14:36:05 -04:00 · 602dcd8e37
commit 602dcd8e37
parent f728e09ebe
2 changed files with 14 additions and 4 deletions
--- a/changes/ticket40474
+++ b/changes/ticket40474
@ -0,0 +1,5 @@
+  o Minor bugfixes (onion service, TROVE-2021-008):
+    - Only log once any v2 access attempts in order to not pollute the logs
+      with warnings and avoid recording the times on disk when v2 access was
+      attempted. Important to note that the onion address was _never_ logged.
+      That is a Low security issue. Fixes bug 40474; bugfix on 0.4.5.8.
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@ -2530,10 +2530,15 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,

    /* We don't support v2 onions anymore. Log a warning and bail. */
    if (addresstype == ONION_V2_HOSTNAME) {
-      log_warn(LD_PROTOCOL, "Tried to connect to a v2 onion address, but this "
-               "version of Tor no longer supports them. Please encourage the "
-               "site operator to upgrade. For more information see "
-               "https://blog.torproject.org/v2-deprecation-timeline.");
+      static bool log_once = false;
+      if (!log_once) {
+        log_warn(LD_PROTOCOL, "Tried to connect to a v2 onion address, but "
+                 "this version of Tor no longer supports them. Please "
+                 "encourage the site operator to upgrade. For more "
+                 "information see "
+                 "https://blog.torproject.org/v2-deprecation-timeline.");
+        log_once = true;
+      }
      control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
                                  escaped(socks->address));
      /* Send back the 0xF6 extended code indicating a bad hostname. This is