diff --git a/changes/ticket40474 b/changes/ticket40474 new file mode 100644 index 0000000000..d2a7231106 --- /dev/null +++ b/changes/ticket40474 @@ -0,0 +1,5 @@ + o Minor bugfixes (onion service, TROVE-2021-008): + - Only log once any v2 access attempts in order to not pollute the logs + with warnings and avoid recording the times on disk when v2 access was + attempted. Important to note that the onion address was _never_ logged. + That is a Low security issue. Fixes bug 40474; bugfix on 0.4.5.8. diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c index 7f260ba185..82e8ead5e0 100644 --- a/src/core/or/connection_edge.c +++ b/src/core/or/connection_edge.c @@ -2584,12 +2584,16 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn, tor_assert(!automap); if (addresstype == ONION_V2_HOSTNAME) { - log_warn(LD_PROTOCOL, - "Warning! You've just connected to a v2 onion address. These " - "addresses are deprecated for security reasons, and are no " - "longer supported in Tor. Please encourage the site operator " - "to upgrade. For more information see " - "https://blog.torproject.org/v2-deprecation-timeline"); + static bool log_once = false; + if (!log_once) { + log_warn(LD_PROTOCOL, + "Warning! You've just connected to a v2 onion address. These " + "addresses are deprecated for security reasons, and are no " + "longer supported in Tor. Please encourage the site operator " + "to upgrade. For more information see " + "https://blog.torproject.org/v2-deprecation-timeline"); + log_once = true; + } } return connection_ap_handle_onion(conn, socks, circ, addresstype);