Refactor the safe_str_*() API to make more sense.

The new rule is: safe_str_X() means "this string is a piece of X
information; make it safe to log."  safe_str() on its own means
"this string is a piece of who-knows-what; make it safe to log".
This commit is contained in:
Nick Mathewson 2009-12-15 17:23:36 -05:00
parent a8190b09a3
commit fcbd65b45c
20 changed files with 171 additions and 164 deletions

View File

@ -1491,7 +1491,7 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
} }
log_debug(LD_APP, log_debug(LD_APP,
"socks4: successfully read destip (%s)", "socks4: successfully read destip (%s)",
safe_str(tmpbuf)); safe_str_client(tmpbuf));
socks4_prot = socks4; socks4_prot = socks4;
} }

View File

@ -1230,7 +1230,7 @@ circuit_handle_first_hop(origin_circuit_t *circ)
const char *name = strlen(firsthop->extend_info->nickname) ? const char *name = strlen(firsthop->extend_info->nickname) ?
firsthop->extend_info->nickname : fmt_addr(&firsthop->extend_info->addr); firsthop->extend_info->nickname : fmt_addr(&firsthop->extend_info->addr);
log_info(LD_CIRC, "Next router is %s: %s ", log_info(LD_CIRC, "Next router is %s: %s ",
safe_str(name), msg?msg:"???"); safe_str_client(name), msg?msg:"???");
circ->_base.n_hop = extend_info_dup(firsthop->extend_info); circ->_base.n_hop = extend_info_dup(firsthop->extend_info);
if (should_launch) { if (should_launch) {

View File

@ -1090,8 +1090,8 @@ _circuit_mark_for_close(circuit_t *circ, int reason, int line,
/* treat this like getting a nack from it */ /* treat this like getting a nack from it */
log_info(LD_REND, "Failed intro circ %s to %s (awaiting ack). " log_info(LD_REND, "Failed intro circ %s to %s (awaiting ack). "
"Removing from descriptor.", "Removing from descriptor.",
safe_str(ocirc->rend_data->onion_address), safe_str_client(ocirc->rend_data->onion_address),
safe_str(build_state_get_exit_nickname(ocirc->build_state))); safe_str_client(build_state_get_exit_nickname(ocirc->build_state)));
rend_client_remove_intro_point(ocirc->build_state->chosen_exit, rend_client_remove_intro_point(ocirc->build_state->chosen_exit,
ocirc->rend_data); ocirc->rend_data);
} }

View File

@ -1103,7 +1103,7 @@ circuit_get_open_circ_or_launch(edge_connection_t *conn,
need_uptime)) { need_uptime)) {
log_notice(LD_APP, log_notice(LD_APP,
"No Tor server allows exit to %s:%d. Rejecting.", "No Tor server allows exit to %s:%d. Rejecting.",
safe_str(conn->socks_request->address), safe_str_client(conn->socks_request->address),
conn->socks_request->port); conn->socks_request->port);
return -1; return -1;
} }
@ -1144,14 +1144,14 @@ circuit_get_open_circ_or_launch(edge_connection_t *conn,
if (!extend_info) { if (!extend_info) {
log_info(LD_REND, log_info(LD_REND,
"No intro points for '%s': re-fetching service descriptor.", "No intro points for '%s': re-fetching service descriptor.",
safe_str(conn->rend_data->onion_address)); safe_str_client(conn->rend_data->onion_address));
rend_client_refetch_v2_renddesc(conn->rend_data); rend_client_refetch_v2_renddesc(conn->rend_data);
conn->_base.state = AP_CONN_STATE_RENDDESC_WAIT; conn->_base.state = AP_CONN_STATE_RENDDESC_WAIT;
return 0; return 0;
} }
log_info(LD_REND,"Chose '%s' as intro point for '%s'.", log_info(LD_REND,"Chose '%s' as intro point for '%s'.",
extend_info->nickname, extend_info->nickname,
safe_str(conn->rend_data->onion_address)); safe_str_client(conn->rend_data->onion_address));
} }
/* If we have specified a particular exit node for our /* If we have specified a particular exit node for our
@ -1180,7 +1180,7 @@ circuit_get_open_circ_or_launch(edge_connection_t *conn,
} }
if (tor_addr_from_str(&addr, conn->socks_request->address) < 0) { if (tor_addr_from_str(&addr, conn->socks_request->address) < 0) {
log_info(LD_DIR, "Broken address %s on tunnel conn. Closing.", log_info(LD_DIR, "Broken address %s on tunnel conn. Closing.",
escaped_safe_str(conn->socks_request->address)); escaped_safe_str_client(conn->socks_request->address));
return -1; return -1;
} }
extend_info = extend_info_alloc(conn->chosen_exit_name+1, extend_info = extend_info_alloc(conn->chosen_exit_name+1,
@ -1405,7 +1405,7 @@ connection_ap_handshake_attach_circuit(edge_connection_t *conn)
LOG_INFO : LOG_NOTICE; LOG_INFO : LOG_NOTICE;
log_fn(severity, LD_APP, log_fn(severity, LD_APP,
"Tried for %d seconds to get a connection to %s:%d. Giving up.", "Tried for %d seconds to get a connection to %s:%d. Giving up.",
conn_age, safe_str(conn->socks_request->address), conn_age, safe_str_client(conn->socks_request->address),
conn->socks_request->port); conn->socks_request->port);
return -1; return -1;
} }

View File

@ -405,7 +405,7 @@ command_process_relay_cell(cell_t *cell, or_connection_t *conn)
log_fn(LOG_PROTOCOL_WARN, LD_OR, log_fn(LOG_PROTOCOL_WARN, LD_OR,
"Received too many RELAY_EARLY cells on circ %d from %s:%d." "Received too many RELAY_EARLY cells on circ %d from %s:%d."
" Closing circuit.", " Closing circuit.",
cell->circ_id, safe_str_relay(conn->_base.address), cell->circ_id, safe_str(conn->_base.address),
conn->_base.port); conn->_base.port);
circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL); circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
return; return;
@ -515,7 +515,7 @@ command_process_versions_cell(var_cell_t *cell, or_connection_t *conn)
log_info(LD_OR, "Negotiated version %d with %s:%d; sending NETINFO.", log_info(LD_OR, "Negotiated version %d with %s:%d; sending NETINFO.",
highest_supported_version, highest_supported_version,
safe_str(conn->_base.address), safe_str_client(conn->_base.address),
conn->_base.port); conn->_base.port);
tor_assert(conn->link_proto >= 2); tor_assert(conn->link_proto >= 2);
@ -629,7 +629,7 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn)
else else
log_info(LD_OR, "Got good NETINFO cell from %s:%d; OR connection is now " log_info(LD_OR, "Got good NETINFO cell from %s:%d; OR connection is now "
"open, using protocol version %d", "open, using protocol version %d",
safe_str(conn->_base.address), safe_str_client(conn->_base.address),
conn->_base.port, (int)conn->link_proto); conn->_base.port, (int)conn->link_proto);
assert_connection_ok(TO_CONN(conn),time(NULL)); assert_connection_ok(TO_CONN(conn),time(NULL));
} }

View File

@ -886,11 +886,14 @@ config_free_all(void)
tor_free(global_dirfrontpagecontents); tor_free(global_dirfrontpagecontents);
} }
/** If options->SafeLogging is "1", return a not very useful string, /** Make <b>address</b> -- a piece of information related to our operation as
* else return address. * a client -- safe to log according to the settings in options->SafeLogging,
* and return it.
*
* (We return "[scrubbed]" if SafeLogging is "1", and address otherwise.)
*/ */
const char * const char *
safe_str(const char *address) safe_str_client(const char *address)
{ {
tor_assert(address); tor_assert(address);
if (get_options()->_SafeLogging == SAFELOG_SCRUB_ALL) if (get_options()->_SafeLogging == SAFELOG_SCRUB_ALL)
@ -899,11 +902,15 @@ safe_str(const char *address)
return address; return address;
} }
/** If options->SafeLogging is "1" or "relay", return a not very useful /** Make <b>address</b> -- a piece of information of unspecified sensitivity
* string, else return address. * -- safe to log according to the settings in options->SafeLogging, and
* return it.
*
* (We return "[scrubbed]" if SafeLogging is anything besides "0", and address
* otherwise.)
*/ */
const char * const char *
safe_str_relay(const char *address) safe_str(const char *address)
{ {
tor_assert(address); tor_assert(address);
if (get_options()->_SafeLogging != SAFELOG_SCRUB_NONE) if (get_options()->_SafeLogging != SAFELOG_SCRUB_NONE)
@ -912,11 +919,11 @@ safe_str_relay(const char *address)
return address; return address;
} }
/** Equivalent to escaped(safe_str(address)). See reentrancy note on /** Equivalent to escaped(safe_str_client(address)). See reentrancy note on
* escaped(): don't use this outside the main thread, or twice in the same * escaped(): don't use this outside the main thread, or twice in the same
* log statement. */ * log statement. */
const char * const char *
escaped_safe_str(const char *address) escaped_safe_str_client(const char *address)
{ {
if (get_options()->_SafeLogging == SAFELOG_SCRUB_ALL) if (get_options()->_SafeLogging == SAFELOG_SCRUB_ALL)
return "[scrubbed]"; return "[scrubbed]";
@ -924,11 +931,11 @@ escaped_safe_str(const char *address)
return escaped(address); return escaped(address);
} }
/** Equivalent to escaped(safe_str_relay(address)). See reentrancy note on /** Equivalent to escaped(safe_str(address)). See reentrancy note on
* escaped(): don't use this outside the main thread, or twice in the same * escaped(): don't use this outside the main thread, or twice in the same
* log statement. */ * log statement. */
const char * const char *
escaped_safe_str_relay(const char *address) escaped_safe_str(const char *address)
{ {
if (get_options()->_SafeLogging != SAFELOG_SCRUB_NONE) if (get_options()->_SafeLogging != SAFELOG_SCRUB_NONE)
return "[scrubbed]"; return "[scrubbed]";

View File

@ -1263,7 +1263,7 @@ connection_connect(connection_t *conn, const char *address,
tor_assert(dest_addr_len > 0); tor_assert(dest_addr_len > 0);
log_debug(LD_NET, "Connecting to %s:%u.", log_debug(LD_NET, "Connecting to %s:%u.",
escaped_safe_str(address), port); escaped_safe_str_client(address), port);
if (connect(s, dest_addr, dest_addr_len) < 0) { if (connect(s, dest_addr, dest_addr_len) < 0) {
int e = tor_socket_errno(s); int e = tor_socket_errno(s);
@ -1272,7 +1272,7 @@ connection_connect(connection_t *conn, const char *address,
*socket_error = e; *socket_error = e;
log_info(LD_NET, log_info(LD_NET,
"connect() to %s:%u failed: %s", "connect() to %s:%u failed: %s",
escaped_safe_str(address), escaped_safe_str_client(address),
port, tor_socket_strerror(e)); port, tor_socket_strerror(e));
tor_close_socket(s); tor_close_socket(s);
return -1; return -1;
@ -1287,7 +1287,7 @@ connection_connect(connection_t *conn, const char *address,
/* it succeeded. we're connected. */ /* it succeeded. we're connected. */
log_fn(inprogress?LOG_DEBUG:LOG_INFO, LD_NET, log_fn(inprogress?LOG_DEBUG:LOG_INFO, LD_NET,
"Connection to %s:%u %s (sock %d).", "Connection to %s:%u %s (sock %d).",
escaped_safe_str(address), escaped_safe_str_client(address),
port, inprogress?"in progress":"established", s); port, inprogress?"in progress":"established", s);
conn->s = s; conn->s = s;
if (connection_add(conn) < 0) /* no space, forget it */ if (connection_add(conn) < 0) /* no space, forget it */

View File

@ -330,8 +330,8 @@ connection_edge_finished_connecting(edge_connection_t *edge_conn)
tor_assert(conn->state == EXIT_CONN_STATE_CONNECTING); tor_assert(conn->state == EXIT_CONN_STATE_CONNECTING);
log_info(LD_EXIT,"Exit connection to %s:%u (%s) established.", log_info(LD_EXIT,"Exit connection to %s:%u (%s) established.",
escaped_safe_str_relay(conn->address), conn->port, escaped_safe_str(conn->address), conn->port,
safe_str_relay(fmt_addr(&conn->addr))); safe_str(fmt_addr(&conn->addr)));
rep_hist_note_exit_stream_opened(conn->port); rep_hist_note_exit_stream_opened(conn->port);
@ -429,7 +429,7 @@ connection_ap_expire_beginning(void)
"Tried for %d seconds to get a connection to %s:%d. " "Tried for %d seconds to get a connection to %s:%d. "
"Giving up. (%s)", "Giving up. (%s)",
seconds_since_born, seconds_since_born,
safe_str(conn->socks_request->address), safe_str_client(conn->socks_request->address),
conn->socks_request->port, conn->socks_request->port,
conn_state_to_string(CONN_TYPE_AP, conn->_base.state)); conn_state_to_string(CONN_TYPE_AP, conn->_base.state));
connection_mark_unattached_ap(conn, END_STREAM_REASON_TIMEOUT); connection_mark_unattached_ap(conn, END_STREAM_REASON_TIMEOUT);
@ -446,7 +446,7 @@ connection_ap_expire_beginning(void)
circ = circuit_get_by_edge_conn(conn); circ = circuit_get_by_edge_conn(conn);
if (!circ) { /* it's vanished? */ if (!circ) { /* it's vanished? */
log_info(LD_APP,"Conn is waiting (address %s), but lost its circ.", log_info(LD_APP,"Conn is waiting (address %s), but lost its circ.",
safe_str(conn->socks_request->address)); safe_str_client(conn->socks_request->address));
connection_mark_unattached_ap(conn, END_STREAM_REASON_TIMEOUT); connection_mark_unattached_ap(conn, END_STREAM_REASON_TIMEOUT);
continue; continue;
} }
@ -456,7 +456,7 @@ connection_ap_expire_beginning(void)
"Rend stream is %d seconds late. Giving up on address" "Rend stream is %d seconds late. Giving up on address"
" '%s.onion'.", " '%s.onion'.",
seconds_idle, seconds_idle,
safe_str(conn->socks_request->address)); safe_str_client(conn->socks_request->address));
connection_edge_end(conn, END_STREAM_REASON_TIMEOUT); connection_edge_end(conn, END_STREAM_REASON_TIMEOUT);
connection_mark_unattached_ap(conn, END_STREAM_REASON_TIMEOUT); connection_mark_unattached_ap(conn, END_STREAM_REASON_TIMEOUT);
} }
@ -467,7 +467,7 @@ connection_ap_expire_beginning(void)
"We tried for %d seconds to connect to '%s' using exit '%s'." "We tried for %d seconds to connect to '%s' using exit '%s'."
" Retrying on a new circuit.", " Retrying on a new circuit.",
seconds_idle, seconds_idle,
safe_str(conn->socks_request->address), safe_str_client(conn->socks_request->address),
conn->cpath_layer ? conn->cpath_layer ?
conn->cpath_layer->extend_info->nickname : "*unnamed*"); conn->cpath_layer->extend_info->nickname : "*unnamed*");
/* send an end down the circuit */ /* send an end down the circuit */
@ -584,8 +584,8 @@ circuit_discard_optional_exit_enclaves(extend_info_t *info)
tor_assert(edge_conn->socks_request); tor_assert(edge_conn->socks_request);
if (edge_conn->chosen_exit_optional) { if (edge_conn->chosen_exit_optional) {
log_info(LD_APP, "Giving up on enclave exit '%s' for destination %s.", log_info(LD_APP, "Giving up on enclave exit '%s' for destination %s.",
safe_str(edge_conn->chosen_exit_name), safe_str_client(edge_conn->chosen_exit_name),
escaped_safe_str(edge_conn->socks_request->address)); escaped_safe_str_client(edge_conn->socks_request->address));
edge_conn->chosen_exit_optional = 0; edge_conn->chosen_exit_optional = 0;
tor_free(edge_conn->chosen_exit_name); /* clears it */ tor_free(edge_conn->chosen_exit_name); /* clears it */
/* if this port is dangerous, warn or reject it now that we don't /* if this port is dangerous, warn or reject it now that we don't
@ -823,9 +823,9 @@ addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out)
return (rewrites > 0); /* done, no rewrite needed */ return (rewrites > 0); /* done, no rewrite needed */
} }
cp = tor_strdup(escaped_safe_str(ent->new_address)); cp = tor_strdup(escaped_safe_str_client(ent->new_address));
log_info(LD_APP, "Addressmap: rewriting %s to %s", log_info(LD_APP, "Addressmap: rewriting %s to %s",
escaped_safe_str(address), cp); escaped_safe_str_client(address), cp);
if (ent->expires > 1 && ent->expires < expires) if (ent->expires > 1 && ent->expires < expires)
expires = ent->expires; expires = ent->expires;
tor_free(cp); tor_free(cp);
@ -833,7 +833,7 @@ addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out)
} }
log_warn(LD_CONFIG, log_warn(LD_CONFIG,
"Loop detected: we've rewritten %s 16 times! Using it as-is.", "Loop detected: we've rewritten %s 16 times! Using it as-is.",
escaped_safe_str(address)); escaped_safe_str_client(address));
/* it's fine to rewrite a rewrite, but don't loop forever */ /* it's fine to rewrite a rewrite, but don't loop forever */
if (expires_out) if (expires_out)
*expires_out = TIME_MAX; *expires_out = TIME_MAX;
@ -855,9 +855,9 @@ addressmap_rewrite_reverse(char *address, size_t maxlen, time_t *expires_out)
tor_snprintf(s, len, "REVERSE[%s]", address); tor_snprintf(s, len, "REVERSE[%s]", address);
ent = strmap_get(addressmap, s); ent = strmap_get(addressmap, s);
if (ent) { if (ent) {
cp = tor_strdup(escaped_safe_str(ent->new_address)); cp = tor_strdup(escaped_safe_str_client(ent->new_address));
log_info(LD_APP, "Rewrote reverse lookup %s -> %s", log_info(LD_APP, "Rewrote reverse lookup %s -> %s",
escaped_safe_str(s), cp); escaped_safe_str_client(s), cp);
tor_free(cp); tor_free(cp);
strlcpy(address, ent->new_address, maxlen); strlcpy(address, ent->new_address, maxlen);
r = 1; r = 1;
@ -919,9 +919,9 @@ addressmap_register(const char *address, char *new_address, time_t expires,
if (expires > 1) { if (expires > 1) {
log_info(LD_APP,"Temporary addressmap ('%s' to '%s') not performed, " log_info(LD_APP,"Temporary addressmap ('%s' to '%s') not performed, "
"since it's already mapped to '%s'", "since it's already mapped to '%s'",
safe_str(address), safe_str_client(address),
safe_str(new_address), safe_str_client(new_address),
safe_str(ent->new_address)); safe_str_client(ent->new_address));
tor_free(new_address); tor_free(new_address);
return; return;
} }
@ -940,8 +940,8 @@ addressmap_register(const char *address, char *new_address, time_t expires,
ent->source = source; ent->source = source;
log_info(LD_CONFIG, "Addressmap: (re)mapped '%s' to '%s'", log_info(LD_CONFIG, "Addressmap: (re)mapped '%s' to '%s'",
safe_str(address), safe_str_client(address),
safe_str(ent->new_address)); safe_str_client(ent->new_address));
control_event_address_mapped(address, ent->new_address, expires, NULL); control_event_address_mapped(address, ent->new_address, expires, NULL);
} }
@ -961,7 +961,7 @@ client_dns_incr_failures(const char *address)
if (ent->num_resolve_failures < SHORT_MAX) if (ent->num_resolve_failures < SHORT_MAX)
++ent->num_resolve_failures; /* don't overflow */ ++ent->num_resolve_failures; /* don't overflow */
log_info(LD_APP, "Address %s now has %d resolve failures.", log_info(LD_APP, "Address %s now has %d resolve failures.",
safe_str(address), safe_str_client(address),
ent->num_resolve_failures); ent->num_resolve_failures);
return ent->num_resolve_failures; return ent->num_resolve_failures;
} }
@ -1241,10 +1241,10 @@ addressmap_register_virtual_address(int type, char *new_address)
log_warn(LD_BUG, log_warn(LD_BUG,
"Internal confusion: I thought that '%s' was mapped to by " "Internal confusion: I thought that '%s' was mapped to by "
"'%s', but '%s' really maps to '%s'. This is a harmless bug.", "'%s', but '%s' really maps to '%s'. This is a harmless bug.",
safe_str(new_address), safe_str_client(new_address),
safe_str(*addrp), safe_str_client(*addrp),
safe_str(*addrp), safe_str_client(*addrp),
ent?safe_str(ent->new_address):"(nothing)"); ent?safe_str_client(ent->new_address):"(nothing)");
} }
tor_free(*addrp); tor_free(*addrp);
@ -1265,8 +1265,8 @@ addressmap_register_virtual_address(int type, char *new_address)
(type == RESOLVED_TYPE_IPV4) ? (type == RESOLVED_TYPE_IPV4) ?
vent->ipv4_address : vent->hostname_address)); vent->ipv4_address : vent->hostname_address));
log_info(LD_APP, "Map from %s to %s okay.", log_info(LD_APP, "Map from %s to %s okay.",
safe_str(*addrp), safe_str_client(*addrp),
safe_str(new_address)); safe_str_client(new_address));
} }
#endif #endif
@ -1414,7 +1414,7 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
tor_strlower(socks->address); /* normalize it */ tor_strlower(socks->address); /* normalize it */
strlcpy(orig_address, socks->address, sizeof(orig_address)); strlcpy(orig_address, socks->address, sizeof(orig_address));
log_debug(LD_APP,"Client asked for %s:%d", log_debug(LD_APP,"Client asked for %s:%d",
safe_str(socks->address), safe_str_client(socks->address),
socks->port); socks->port);
if (socks->command == SOCKS_COMMAND_RESOLVE && if (socks->command == SOCKS_COMMAND_RESOLVE &&
@ -1431,8 +1431,8 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
RESOLVED_TYPE_IPV4, tor_strdup(socks->address)); RESOLVED_TYPE_IPV4, tor_strdup(socks->address));
tor_assert(new_addr); tor_assert(new_addr);
log_info(LD_APP, "Automapping %s to %s", log_info(LD_APP, "Automapping %s to %s",
escaped_safe_str(socks->address), escaped_safe_str_client(socks->address),
safe_str(new_addr)); safe_str_client(new_addr));
strlcpy(socks->address, new_addr, sizeof(socks->address)); strlcpy(socks->address, new_addr, sizeof(socks->address));
} }
} }
@ -1488,7 +1488,7 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
* information. * information.
*/ */
log_warn(LD_APP,"Missing mapping for virtual address '%s'. Refusing.", log_warn(LD_APP,"Missing mapping for virtual address '%s'. Refusing.",
socks->address); /* don't safe_str() this yet. XXX When? -Seb */ safe_str_client(socks->address));
connection_mark_unattached_ap(conn, END_STREAM_REASON_INTERNAL); connection_mark_unattached_ap(conn, END_STREAM_REASON_INTERNAL);
return -1; return -1;
} }
@ -1501,7 +1501,7 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
if (addresstype == BAD_HOSTNAME) { if (addresstype == BAD_HOSTNAME) {
log_warn(LD_APP, "Invalid onion hostname %s; rejecting", log_warn(LD_APP, "Invalid onion hostname %s; rejecting",
safe_str(socks->address)); safe_str_client(socks->address));
control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s", control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
escaped(socks->address)); escaped(socks->address));
connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL); connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
@ -1521,7 +1521,7 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
*s = 0; *s = 0;
} else { } else {
log_warn(LD_APP,"Malformed exit address '%s.exit'. Refusing.", log_warn(LD_APP,"Malformed exit address '%s.exit'. Refusing.",
safe_str(socks->address)); safe_str_client(socks->address));
control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s", control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
escaped(socks->address)); escaped(socks->address));
connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL); connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
@ -1537,7 +1537,7 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
} else { } else {
log_warn(LD_APP, log_warn(LD_APP,
"Unrecognized server in exit address '%s.exit'. Refusing.", "Unrecognized server in exit address '%s.exit'. Refusing.",
safe_str(socks->address)); safe_str_client(socks->address));
connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL); connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
return -1; return -1;
} }
@ -1551,7 +1551,7 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
escaped(socks->address)); escaped(socks->address));
log_warn(LD_APP, log_warn(LD_APP,
"Destination '%s' seems to be an invalid hostname. Failing.", "Destination '%s' seems to be an invalid hostname. Failing.",
safe_str(socks->address)); safe_str_client(socks->address));
connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL); connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
return -1; return -1;
} }
@ -1589,7 +1589,7 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
if (r) { if (r) {
log_info(LD_APP, log_info(LD_APP,
"Redirecting address %s to exit at enclave router %s", "Redirecting address %s to exit at enclave router %s",
safe_str(socks->address), r->nickname); safe_str_client(socks->address), r->nickname);
/* use the hex digest, not nickname, in case there are two /* use the hex digest, not nickname, in case there are two
routers with this nickname */ routers with this nickname */
conn->chosen_exit_name = conn->chosen_exit_name =
@ -1653,12 +1653,12 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
strlcpy(conn->rend_data->onion_address, socks->address, strlcpy(conn->rend_data->onion_address, socks->address,
sizeof(conn->rend_data->onion_address)); sizeof(conn->rend_data->onion_address));
log_info(LD_REND,"Got a hidden service request for ID '%s'", log_info(LD_REND,"Got a hidden service request for ID '%s'",
safe_str(conn->rend_data->onion_address)); safe_str_client(conn->rend_data->onion_address));
/* see if we already have it cached */ /* see if we already have it cached */
r = rend_cache_lookup_entry(conn->rend_data->onion_address, -1, &entry); r = rend_cache_lookup_entry(conn->rend_data->onion_address, -1, &entry);
if (r<0) { if (r<0) {
log_warn(LD_BUG,"Invalid service name '%s'", log_warn(LD_BUG,"Invalid service name '%s'",
safe_str(conn->rend_data->onion_address)); safe_str_client(conn->rend_data->onion_address));
connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL); connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
return -1; return -1;
} }
@ -1680,7 +1680,7 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
if (r==0) { if (r==0) {
conn->_base.state = AP_CONN_STATE_RENDDESC_WAIT; conn->_base.state = AP_CONN_STATE_RENDDESC_WAIT;
log_info(LD_REND, "Unknown descriptor %s. Fetching.", log_info(LD_REND, "Unknown descriptor %s. Fetching.",
safe_str(conn->rend_data->onion_address)); safe_str_client(conn->rend_data->onion_address));
rend_client_refetch_v2_renddesc(conn->rend_data); rend_client_refetch_v2_renddesc(conn->rend_data);
} else { /* r > 0 */ } else { /* r > 0 */
conn->_base.state = AP_CONN_STATE_CIRCUIT_WAIT; conn->_base.state = AP_CONN_STATE_CIRCUIT_WAIT;
@ -2139,7 +2139,7 @@ connection_ap_handshake_send_resolve(edge_connection_t *ap_conn)
r = tor_addr_parse_reverse_lookup_name(&addr, a, AF_INET, 1); r = tor_addr_parse_reverse_lookup_name(&addr, a, AF_INET, 1);
if (r <= 0) { if (r <= 0) {
log_warn(LD_APP, "Rejecting ill-formed reverse lookup of %s", log_warn(LD_APP, "Rejecting ill-formed reverse lookup of %s",
safe_str(a)); safe_str_client(a));
connection_mark_unattached_ap(ap_conn, END_STREAM_REASON_INTERNAL); connection_mark_unattached_ap(ap_conn, END_STREAM_REASON_INTERNAL);
return -1; return -1;
} }
@ -2147,7 +2147,7 @@ connection_ap_handshake_send_resolve(edge_connection_t *ap_conn)
r = tor_addr_to_reverse_lookup_name(inaddr_buf, sizeof(inaddr_buf), &addr); r = tor_addr_to_reverse_lookup_name(inaddr_buf, sizeof(inaddr_buf), &addr);
if (r < 0) { if (r < 0) {
log_warn(LD_BUG, "Couldn't generate reverse lookup hostname of %s", log_warn(LD_BUG, "Couldn't generate reverse lookup hostname of %s",
safe_str(a)); safe_str_client(a));
connection_mark_unattached_ap(ap_conn, END_STREAM_REASON_INTERNAL); connection_mark_unattached_ap(ap_conn, END_STREAM_REASON_INTERNAL);
return -1; return -1;
} }
@ -2189,7 +2189,7 @@ connection_ap_make_link(char *address, uint16_t port,
log_info(LD_APP,"Making internal %s tunnel to %s:%d ...", log_info(LD_APP,"Making internal %s tunnel to %s:%d ...",
want_onehop ? "direct" : "anonymized", want_onehop ? "direct" : "anonymized",
safe_str(address), port); safe_str_client(address), port);
conn = edge_connection_new(CONN_TYPE_AP, AF_INET); conn = edge_connection_new(CONN_TYPE_AP, AF_INET);
conn->_base.linked = 1; /* so that we can add it safely below. */ conn->_base.linked = 1; /* so that we can add it safely below. */
@ -2692,7 +2692,7 @@ connection_exit_connect(edge_connection_t *edge_conn)
if (!connection_edge_is_rendezvous_stream(edge_conn) && if (!connection_edge_is_rendezvous_stream(edge_conn) &&
router_compare_to_my_exit_policy(edge_conn)) { router_compare_to_my_exit_policy(edge_conn)) {
log_info(LD_EXIT,"%s:%d failed exit policy. Closing.", log_info(LD_EXIT,"%s:%d failed exit policy. Closing.",
escaped_safe_str(conn->address), conn->port); escaped_safe_str_client(conn->address), conn->port);
connection_edge_end(edge_conn, END_STREAM_REASON_EXITPOLICY); connection_edge_end(edge_conn, END_STREAM_REASON_EXITPOLICY);
circuit_detach_stream(circuit_get_by_edge_conn(edge_conn), edge_conn); circuit_detach_stream(circuit_get_by_edge_conn(edge_conn), edge_conn);
connection_free(conn); connection_free(conn);

View File

@ -775,7 +775,7 @@ connection_tls_start_handshake(or_connection_t *conn, int receiving)
conn->_base.state = OR_CONN_STATE_TLS_HANDSHAKING; conn->_base.state = OR_CONN_STATE_TLS_HANDSHAKING;
conn->tls = tor_tls_new(conn->_base.s, receiving); conn->tls = tor_tls_new(conn->_base.s, receiving);
tor_tls_set_logged_address(conn->tls, // XXX client and relay? tor_tls_set_logged_address(conn->tls, // XXX client and relay?
escaped_safe_str_relay(conn->_base.address)); escaped_safe_str(conn->_base.address));
if (!conn->tls) { if (!conn->tls) {
log_warn(LD_BUG,"tor_tls_new failed. Closing."); log_warn(LD_BUG,"tor_tls_new failed. Closing.");
return -1; return -1;
@ -916,7 +916,7 @@ connection_or_check_valid_tls_handshake(or_connection_t *conn,
int severity = server_mode(options) ? LOG_PROTOCOL_WARN : LOG_WARN; int severity = server_mode(options) ? LOG_PROTOCOL_WARN : LOG_WARN;
const char *safe_address = const char *safe_address =
started_here ? conn->_base.address : started_here ? conn->_base.address :
safe_str(conn->_base.address); safe_str_client(conn->_base.address);
const char *conn_type = started_here ? "outgoing" : "incoming"; const char *conn_type = started_here ? "outgoing" : "incoming";
int has_cert = 0, has_identity=0; int has_cert = 0, has_identity=0;
@ -1032,7 +1032,7 @@ connection_tls_finish_handshake(or_connection_t *conn)
int started_here = connection_or_nonopen_was_started_here(conn); int started_here = connection_or_nonopen_was_started_here(conn);
log_debug(LD_HANDSHAKE,"tls handshake with %s done. verifying.", log_debug(LD_HANDSHAKE,"tls handshake with %s done. verifying.",
safe_str(conn->_base.address)); safe_str_client(conn->_base.address));
directory_set_dirty(); directory_set_dirty();

View File

@ -1248,7 +1248,7 @@ handle_control_mapaddress(control_connection_t *conn, uint32_t len,
smartlist_add(reply, ans); smartlist_add(reply, ans);
log_warn(LD_CONTROL, log_warn(LD_CONTROL,
"Unable to allocate address for '%s' in MapAddress msg", "Unable to allocate address for '%s' in MapAddress msg",
safe_str(line)); safe_str_client(line));
} else { } else {
tor_snprintf(ans, anslen, "250-%s=%s", address, to); tor_snprintf(ans, anslen, "250-%s=%s", address, to);
smartlist_add(reply, ans); smartlist_add(reply, ans);
@ -1266,7 +1266,7 @@ handle_control_mapaddress(control_connection_t *conn, uint32_t len,
smartlist_add(reply, ans); smartlist_add(reply, ans);
log_info(LD_CONTROL, "Skipping MapAddress '%s': wrong " log_info(LD_CONTROL, "Skipping MapAddress '%s': wrong "
"number of items.", "number of items.",
safe_str(line)); safe_str_client(line));
} }
SMARTLIST_FOREACH(elts, char *, cp, tor_free(cp)); SMARTLIST_FOREACH(elts, char *, cp, tor_free(cp));
smartlist_clear(elts); smartlist_clear(elts);

View File

@ -2921,7 +2921,7 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
const char *query = url + strlen("/tor/rendezvous2/"); const char *query = url + strlen("/tor/rendezvous2/");
if (strlen(query) == REND_DESC_ID_V2_LEN_BASE32) { if (strlen(query) == REND_DESC_ID_V2_LEN_BASE32) {
log_info(LD_REND, "Got a v2 rendezvous descriptor request for ID '%s'", log_info(LD_REND, "Got a v2 rendezvous descriptor request for ID '%s'",
safe_str_relay(query)); safe_str(query));
switch (rend_cache_lookup_v2_desc_as_dir(query, &descp)) { switch (rend_cache_lookup_v2_desc_as_dir(query, &descp)) {
case 1: /* valid */ case 1: /* valid */
write_http_response_header(conn, strlen(descp), 0, 0); write_http_response_header(conn, strlen(descp), 0, 0);
@ -3243,7 +3243,7 @@ directory_handle_command(dir_connection_t *conn)
case -1: /* overflow */ case -1: /* overflow */
log_warn(LD_DIRSERV, log_warn(LD_DIRSERV,
"Request too large from address '%s' to DirPort. Closing.", "Request too large from address '%s' to DirPort. Closing.",
safe_str_relay(conn->_base.address)); safe_str(conn->_base.address));
return -1; return -1;
case 0: case 0:
log_debug(LD_DIRSERV,"command not all here yet."); log_debug(LD_DIRSERV,"command not all here yet.");

View File

@ -394,12 +394,12 @@ purge_expired_resolves(time_t now)
log_debug(LD_EXIT, log_debug(LD_EXIT,
"Expiring a dns resolve %s that's still pending. Forgot to " "Expiring a dns resolve %s that's still pending. Forgot to "
"cull it? DNS resolve didn't tell us about the timeout?", "cull it? DNS resolve didn't tell us about the timeout?",
escaped_safe_str_relay(resolve->address)); escaped_safe_str(resolve->address));
} else if (resolve->state == CACHE_STATE_CACHED_VALID || } else if (resolve->state == CACHE_STATE_CACHED_VALID ||
resolve->state == CACHE_STATE_CACHED_FAILED) { resolve->state == CACHE_STATE_CACHED_FAILED) {
log_debug(LD_EXIT, log_debug(LD_EXIT,
"Forgetting old cached resolve (address %s, expires %lu)", "Forgetting old cached resolve (address %s, expires %lu)",
escaped_safe_str_relay(resolve->address), escaped_safe_str(resolve->address),
(unsigned long)resolve->expire); (unsigned long)resolve->expire);
tor_assert(!resolve->pending_connections); tor_assert(!resolve->pending_connections);
} else { } else {
@ -667,7 +667,7 @@ dns_resolve_impl(edge_connection_t *exitconn, int is_resolve,
if (address_is_invalid_destination(exitconn->_base.address, 0)) { if (address_is_invalid_destination(exitconn->_base.address, 0)) {
log(LOG_PROTOCOL_WARN, LD_EXIT, log(LOG_PROTOCOL_WARN, LD_EXIT,
"Rejecting invalid destination address %s", "Rejecting invalid destination address %s",
escaped_safe_str_relay(exitconn->_base.address)); escaped_safe_str(exitconn->_base.address));
return -1; return -1;
} }
@ -693,12 +693,12 @@ dns_resolve_impl(edge_connection_t *exitconn, int is_resolve,
if (!is_reverse || !is_resolve) { if (!is_reverse || !is_resolve) {
if (!is_reverse) if (!is_reverse)
log_info(LD_EXIT, "Bad .in-addr.arpa address \"%s\"; sending error.", log_info(LD_EXIT, "Bad .in-addr.arpa address \"%s\"; sending error.",
escaped_safe_str_relay(exitconn->_base.address)); escaped_safe_str(exitconn->_base.address));
else if (!is_resolve) else if (!is_resolve)
log_info(LD_EXIT, log_info(LD_EXIT,
"Attempt to connect to a .in-addr.arpa address \"%s\"; " "Attempt to connect to a .in-addr.arpa address \"%s\"; "
"sending error.", "sending error.",
escaped_safe_str_relay(exitconn->_base.address)); escaped_safe_str(exitconn->_base.address));
return -1; return -1;
} }
@ -720,12 +720,12 @@ dns_resolve_impl(edge_connection_t *exitconn, int is_resolve,
resolve->pending_connections = pending_connection; resolve->pending_connections = pending_connection;
log_debug(LD_EXIT,"Connection (fd %d) waiting for pending DNS " log_debug(LD_EXIT,"Connection (fd %d) waiting for pending DNS "
"resolve of %s", exitconn->_base.s, "resolve of %s", exitconn->_base.s,
escaped_safe_str_relay(exitconn->_base.address)); escaped_safe_str(exitconn->_base.address));
return 0; return 0;
case CACHE_STATE_CACHED_VALID: case CACHE_STATE_CACHED_VALID:
log_debug(LD_EXIT,"Connection (fd %d) found cached answer for %s", log_debug(LD_EXIT,"Connection (fd %d) found cached answer for %s",
exitconn->_base.s, exitconn->_base.s,
escaped_safe_str_relay(resolve->address)); escaped_safe_str(resolve->address));
exitconn->address_ttl = resolve->ttl; exitconn->address_ttl = resolve->ttl;
if (resolve->is_reverse) { if (resolve->is_reverse) {
tor_assert(is_resolve); tor_assert(is_resolve);
@ -737,7 +737,7 @@ dns_resolve_impl(edge_connection_t *exitconn, int is_resolve,
case CACHE_STATE_CACHED_FAILED: case CACHE_STATE_CACHED_FAILED:
log_debug(LD_EXIT,"Connection (fd %d) found cached error for %s", log_debug(LD_EXIT,"Connection (fd %d) found cached error for %s",
exitconn->_base.s, exitconn->_base.s,
escaped_safe_str_relay(exitconn->_base.address)); escaped_safe_str(exitconn->_base.address));
return -1; return -1;
case CACHE_STATE_DONE: case CACHE_STATE_DONE:
log_err(LD_BUG, "Found a 'DONE' dns resolve still in the cache."); log_err(LD_BUG, "Found a 'DONE' dns resolve still in the cache.");
@ -763,7 +763,7 @@ dns_resolve_impl(edge_connection_t *exitconn, int is_resolve,
set_expiry(resolve, now + RESOLVE_MAX_TIMEOUT); set_expiry(resolve, now + RESOLVE_MAX_TIMEOUT);
log_debug(LD_EXIT,"Launching %s.", log_debug(LD_EXIT,"Launching %s.",
escaped_safe_str_relay(exitconn->_base.address)); escaped_safe_str(exitconn->_base.address));
assert_cache_ok(); assert_cache_ok();
return launch_resolve(exitconn); return launch_resolve(exitconn);
@ -832,7 +832,7 @@ connection_dns_remove(edge_connection_t *conn)
resolve = HT_FIND(cache_map, &cache_root, &search); resolve = HT_FIND(cache_map, &cache_root, &search);
if (!resolve) { if (!resolve) {
log_notice(LD_BUG, "Address %s is not pending. Dropping.", log_notice(LD_BUG, "Address %s is not pending. Dropping.",
escaped_safe_str_relay(conn->_base.address)); escaped_safe_str(conn->_base.address));
return; return;
} }
@ -847,7 +847,7 @@ connection_dns_remove(edge_connection_t *conn)
log_debug(LD_EXIT, "First connection (fd %d) no longer waiting " log_debug(LD_EXIT, "First connection (fd %d) no longer waiting "
"for resolve of %s", "for resolve of %s",
conn->_base.s, conn->_base.s,
escaped_safe_str_relay(conn->_base.address)); escaped_safe_str(conn->_base.address));
return; return;
} else { } else {
for ( ; pend->next; pend = pend->next) { for ( ; pend->next; pend = pend->next) {
@ -857,7 +857,7 @@ connection_dns_remove(edge_connection_t *conn)
tor_free(victim); tor_free(victim);
log_debug(LD_EXIT, log_debug(LD_EXIT,
"Connection (fd %d) no longer waiting for resolve of %s", "Connection (fd %d) no longer waiting for resolve of %s",
conn->_base.s, escaped_safe_str_relay(conn->_base.address)); conn->_base.s, escaped_safe_str(conn->_base.address));
return; /* more are pending */ return; /* more are pending */
} }
} }
@ -891,7 +891,7 @@ dns_cancel_pending_resolve(const char *address)
if (resolve->pending_connections) { if (resolve->pending_connections) {
log_warn(LD_BUG, log_warn(LD_BUG,
"Address %s is not pending but has pending connections!", "Address %s is not pending but has pending connections!",
escaped_safe_str_relay(address)); escaped_safe_str(address));
tor_fragile_assert(); tor_fragile_assert();
} }
return; return;
@ -900,7 +900,7 @@ dns_cancel_pending_resolve(const char *address)
if (!resolve->pending_connections) { if (!resolve->pending_connections) {
log_warn(LD_BUG, log_warn(LD_BUG,
"Address %s is pending but has no pending connections!", "Address %s is pending but has no pending connections!",
escaped_safe_str_relay(address)); escaped_safe_str(address));
tor_fragile_assert(); tor_fragile_assert();
return; return;
} }
@ -909,7 +909,7 @@ dns_cancel_pending_resolve(const char *address)
/* mark all pending connections to fail */ /* mark all pending connections to fail */
log_debug(LD_EXIT, log_debug(LD_EXIT,
"Failing all connections waiting on DNS resolve of %s", "Failing all connections waiting on DNS resolve of %s",
escaped_safe_str_relay(address)); escaped_safe_str(address));
while (resolve->pending_connections) { while (resolve->pending_connections) {
pend = resolve->pending_connections; pend = resolve->pending_connections;
pend->conn->_base.state = EXIT_CONN_STATE_RESOLVEFAILED; pend->conn->_base.state = EXIT_CONN_STATE_RESOLVEFAILED;
@ -1017,7 +1017,7 @@ dns_found_answer(const char *address, uint8_t is_reverse, uint32_t addr,
int is_test_addr = is_test_address(address); int is_test_addr = is_test_address(address);
if (!is_test_addr) if (!is_test_addr)
log_info(LD_EXIT,"Resolved unasked address %s; caching anyway.", log_info(LD_EXIT,"Resolved unasked address %s; caching anyway.",
escaped_safe_str_relay(address)); escaped_safe_str(address));
add_answer_to_cache(address, is_reverse, addr, hostname, outcome, ttl); add_answer_to_cache(address, is_reverse, addr, hostname, outcome, ttl);
return; return;
} }
@ -1030,7 +1030,7 @@ dns_found_answer(const char *address, uint8_t is_reverse, uint32_t addr,
if (!is_test_addr) if (!is_test_addr)
log_notice(LD_EXIT, log_notice(LD_EXIT,
"Resolved %s which was already resolved; ignoring", "Resolved %s which was already resolved; ignoring",
escaped_safe_str_relay(address)); escaped_safe_str(address));
tor_assert(resolve->pending_connections == NULL); tor_assert(resolve->pending_connections == NULL);
return; return;
} }
@ -1297,15 +1297,15 @@ evdns_callback(int result, char type, int count, int ttl, void *addresses,
if (answer_is_wildcarded(answer_buf)) { if (answer_is_wildcarded(answer_buf)) {
log_debug(LD_EXIT, "eventdns said that %s resolves to ISP-hijacked " log_debug(LD_EXIT, "eventdns said that %s resolves to ISP-hijacked "
"address %s; treating as a failure.", "address %s; treating as a failure.",
safe_str_relay(escaped_address), safe_str(escaped_address),
escaped_safe_str_relay(answer_buf)); escaped_safe_str(answer_buf));
was_wildcarded = 1; was_wildcarded = 1;
addr = 0; addr = 0;
status = DNS_RESOLVE_FAILED_PERMANENT; status = DNS_RESOLVE_FAILED_PERMANENT;
} else { } else {
log_debug(LD_EXIT, "eventdns said that %s resolves to %s", log_debug(LD_EXIT, "eventdns said that %s resolves to %s",
safe_str_relay(escaped_address), safe_str(escaped_address),
escaped_safe_str_relay(answer_buf)); escaped_safe_str(answer_buf));
} }
tor_free(escaped_address); tor_free(escaped_address);
} else if (type == DNS_PTR && count) { } else if (type == DNS_PTR && count) {
@ -1315,15 +1315,15 @@ evdns_callback(int result, char type, int count, int ttl, void *addresses,
status = DNS_RESOLVE_SUCCEEDED; status = DNS_RESOLVE_SUCCEEDED;
escaped_address = esc_for_log(string_address); escaped_address = esc_for_log(string_address);
log_debug(LD_EXIT, "eventdns said that %s resolves to %s", log_debug(LD_EXIT, "eventdns said that %s resolves to %s",
safe_str_relay(escaped_address), safe_str(escaped_address),
escaped_safe_str_relay(hostname)); escaped_safe_str(hostname));
tor_free(escaped_address); tor_free(escaped_address);
} else if (count) { } else if (count) {
log_warn(LD_EXIT, "eventdns returned only non-IPv4 answers for %s.", log_warn(LD_EXIT, "eventdns returned only non-IPv4 answers for %s.",
escaped_safe_str_relay(string_address)); escaped_safe_str(string_address));
} else { } else {
log_warn(LD_BUG, "eventdns returned no addresses or error for %s!", log_warn(LD_BUG, "eventdns returned no addresses or error for %s!",
escaped_safe_str_relay(string_address)); escaped_safe_str(string_address));
} }
} else { } else {
if (evdns_err_is_transient(result)) if (evdns_err_is_transient(result))
@ -1366,13 +1366,13 @@ launch_resolve(edge_connection_t *exitconn)
&a, exitconn->_base.address, AF_UNSPEC, 0); &a, exitconn->_base.address, AF_UNSPEC, 0);
if (r == 0) { if (r == 0) {
log_info(LD_EXIT, "Launching eventdns request for %s", log_info(LD_EXIT, "Launching eventdns request for %s",
escaped_safe_str_relay(exitconn->_base.address)); escaped_safe_str(exitconn->_base.address));
req = evdns_base_resolve_ipv4(the_evdns_base, req = evdns_base_resolve_ipv4(the_evdns_base,
exitconn->_base.address, options, exitconn->_base.address, options,
evdns_callback, addr); evdns_callback, addr);
} else if (r == 1) { } else if (r == 1) {
log_info(LD_EXIT, "Launching eventdns reverse request for %s", log_info(LD_EXIT, "Launching eventdns reverse request for %s",
escaped_safe_str_relay(exitconn->_base.address)); escaped_safe_str(exitconn->_base.address));
if (tor_addr_family(&a) == AF_INET) if (tor_addr_family(&a) == AF_INET)
req = evdns_base_resolve_reverse(the_evdns_base, req = evdns_base_resolve_reverse(the_evdns_base,
tor_addr_to_in(&a), DNS_QUERY_NO_SEARCH, tor_addr_to_in(&a), DNS_QUERY_NO_SEARCH,
@ -1388,7 +1388,7 @@ launch_resolve(edge_connection_t *exitconn)
r = 0; r = 0;
if (!req) { if (!req) {
log_warn(LD_EXIT, "eventdns rejected address %s.", log_warn(LD_EXIT, "eventdns rejected address %s.",
escaped_safe_str_relay(addr)); escaped_safe_str(addr));
r = -1; r = -1;
tor_free(addr); /* There is no evdns request in progress; stop tor_free(addr); /* There is no evdns request in progress; stop
* addr from getting leaked. */ * addr from getting leaked. */
@ -1571,7 +1571,7 @@ launch_test_addresses(int fd, short event, void *args)
if (!req) { if (!req) {
log_info(LD_EXIT, "eventdns rejected test address %s", log_info(LD_EXIT, "eventdns rejected test address %s",
escaped_safe_str_relay(address)); escaped_safe_str(address));
tor_free(a); tor_free(a);
} }
} SMARTLIST_FOREACH_END(address); } SMARTLIST_FOREACH_END(address);

View File

@ -138,13 +138,13 @@ evdns_server_callback(struct evdns_server_request *req, void *_data)
* immediately if it's in the cache, or completely bogus, or automapped), * immediately if it's in the cache, or completely bogus, or automapped),
* and then attached to a circuit. */ * and then attached to a circuit. */
log_info(LD_APP, "Passing request for %s to rewrite_and_attach.", log_info(LD_APP, "Passing request for %s to rewrite_and_attach.",
escaped_safe_str(q->name)); escaped_safe_str_client(q->name));
q_name = tor_strdup(q->name); /* q could be freed in rewrite_and_attach */ q_name = tor_strdup(q->name); /* q could be freed in rewrite_and_attach */
connection_ap_handshake_rewrite_and_attach(conn, NULL, NULL); connection_ap_handshake_rewrite_and_attach(conn, NULL, NULL);
/* Now, the connection is marked if it was bad. */ /* Now, the connection is marked if it was bad. */
log_info(LD_APP, "Passed request for %s to rewrite_and_attach.", log_info(LD_APP, "Passed request for %s to rewrite_and_attach.",
escaped_safe_str(q_name)); escaped_safe_str_client(q_name));
tor_free(q_name); tor_free(q_name);
} }
@ -183,13 +183,13 @@ dnsserv_launch_request(const char *name, int reverse)
* immediately if it's in the cache, or completely bogus, or automapped), * immediately if it's in the cache, or completely bogus, or automapped),
* and then attached to a circuit. */ * and then attached to a circuit. */
log_info(LD_APP, "Passing request for %s to rewrite_and_attach.", log_info(LD_APP, "Passing request for %s to rewrite_and_attach.",
escaped_safe_str(name)); escaped_safe_str_client(name));
q_name = tor_strdup(name); /* q could be freed in rewrite_and_attach */ q_name = tor_strdup(name); /* q could be freed in rewrite_and_attach */
connection_ap_handshake_rewrite_and_attach(conn, NULL, NULL); connection_ap_handshake_rewrite_and_attach(conn, NULL, NULL);
/* Now, the connection is marked if it was bad. */ /* Now, the connection is marked if it was bad. */
log_info(LD_APP, "Passed request for %s to rewrite_and_attach.", log_info(LD_APP, "Passed request for %s to rewrite_and_attach.",
escaped_safe_str(q_name)); escaped_safe_str_client(q_name));
tor_free(q_name); tor_free(q_name);
return 0; return 0;
} }

View File

@ -563,7 +563,7 @@ conn_close_if_marked(int i)
log_info(LD_NET, log_info(LD_NET,
"Conn (addr %s, fd %d, type %s, state %d) marked, but wants " "Conn (addr %s, fd %d, type %s, state %d) marked, but wants "
"to flush %d bytes. (Marked at %s:%d)", "to flush %d bytes. (Marked at %s:%d)",
escaped_safe_str(conn->address), escaped_safe_str_client(conn->address),
conn->s, conn_type_to_string(conn->type), conn->state, conn->s, conn_type_to_string(conn->type), conn->state,
(int)conn->outbuf_flushlen, (int)conn->outbuf_flushlen,
conn->marked_for_close_file, conn->marked_for_close); conn->marked_for_close_file, conn->marked_for_close);
@ -616,7 +616,7 @@ conn_close_if_marked(int i)
"something is wrong with theirs. " "something is wrong with theirs. "
"(fd %d, type %s, state %d, marked at %s:%d).", "(fd %d, type %s, state %d, marked at %s:%d).",
(int)buf_datalen(conn->outbuf), (int)buf_datalen(conn->outbuf),
escaped_safe_str(conn->address), escaped_safe_str_client(conn->address),
conn->s, conn_type_to_string(conn->type), conn->state, conn->s, conn_type_to_string(conn->type), conn->state,
conn->marked_for_close_file, conn->marked_for_close_file,
conn->marked_for_close); conn->marked_for_close);
@ -646,7 +646,7 @@ directory_all_unreachable(time_t now)
log_notice(LD_NET, log_notice(LD_NET,
"Is your network connection down? " "Is your network connection down? "
"Failing connection to '%s:%d'.", "Failing connection to '%s:%d'.",
safe_str(edge_conn->socks_request->address), safe_str_client(edge_conn->socks_request->address),
edge_conn->socks_request->port); edge_conn->socks_request->port);
connection_mark_unattached_ap(edge_conn, connection_mark_unattached_ap(edge_conn,
END_STREAM_REASON_NET_UNREACHABLE); END_STREAM_REASON_NET_UNREACHABLE);
@ -1678,7 +1678,7 @@ dumpstats(int severity)
if (!connection_is_listener(conn)) { if (!connection_is_listener(conn)) {
log(severity,LD_GENERAL, log(severity,LD_GENERAL,
"Conn %d is to %s:%d.", i, "Conn %d is to %s:%d.", i,
safe_str(conn->address), safe_str_client(conn->address),
conn->port); conn->port);
log(severity,LD_GENERAL, log(severity,LD_GENERAL,
"Conn %d: %d bytes waiting on inbuf (len %d, last read %d secs ago)", "Conn %d: %d bytes waiting on inbuf (len %d, last read %d secs ago)",

View File

@ -3212,10 +3212,10 @@ const char *get_dirportfrontpage(void);
or_options_t *get_options(void); or_options_t *get_options(void);
int set_options(or_options_t *new_val, char **msg); int set_options(or_options_t *new_val, char **msg);
void config_free_all(void); void config_free_all(void);
const char *safe_str_client(const char *address);
const char *safe_str(const char *address); const char *safe_str(const char *address);
const char *safe_str_relay(const char *address); const char *escaped_safe_str_client(const char *address);
const char *escaped_safe_str(const char *address); const char *escaped_safe_str(const char *address);
const char *escaped_safe_str_relay(const char *address);
const char *get_version(void); const char *get_version(void);
int config_get_lines(const char *string, config_line_t **result); int config_get_lines(const char *string, config_line_t **result);

View File

@ -676,7 +676,7 @@ connection_ap_process_end_not_open(
!connection_edge_is_rendezvous_stream(conn) /* avoid retry if rend */ !connection_edge_is_rendezvous_stream(conn) /* avoid retry if rend */
) { ) {
log_info(LD_APP,"Address '%s' refused due to '%s'. Considering retrying.", log_info(LD_APP,"Address '%s' refused due to '%s'. Considering retrying.",
safe_str_relay(conn->socks_request->address), safe_str(conn->socks_request->address),
stream_end_reason_to_string(reason)); stream_end_reason_to_string(reason));
exitrouter = exitrouter =
router_get_by_digest(circ->build_state->chosen_exit->identity_digest); router_get_by_digest(circ->build_state->chosen_exit->identity_digest);
@ -687,7 +687,7 @@ connection_ap_process_end_not_open(
int ttl; int ttl;
if (!addr) { if (!addr) {
log_info(LD_APP,"Address '%s' resolved to 0.0.0.0. Closing,", log_info(LD_APP,"Address '%s' resolved to 0.0.0.0. Closing,",
safe_str_relay(conn->socks_request->address)); safe_str(conn->socks_request->address));
connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL); connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
return 0; return 0;
} }
@ -699,7 +699,7 @@ connection_ap_process_end_not_open(
if (get_options()->ClientDNSRejectInternalAddresses && if (get_options()->ClientDNSRejectInternalAddresses &&
is_internal_IP(addr, 0)) { is_internal_IP(addr, 0)) {
log_info(LD_APP,"Address '%s' resolved to internal. Closing,", log_info(LD_APP,"Address '%s' resolved to internal. Closing,",
safe_str_relay(conn->socks_request->address)); safe_str(conn->socks_request->address));
connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL); connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
return 0; return 0;
} }
@ -768,7 +768,7 @@ connection_ap_process_end_not_open(
log_notice(LD_APP, log_notice(LD_APP,
"Have tried resolving or connecting to address '%s' " "Have tried resolving or connecting to address '%s' "
"at %d different places. Giving up.", "at %d different places. Giving up.",
safe_str_relay(conn->socks_request->address), safe_str(conn->socks_request->address),
MAX_RESOLVE_FAILURES); MAX_RESOLVE_FAILURES);
/* clear the failures, so it will have a full try next time */ /* clear the failures, so it will have a full try next time */
client_dns_clear_failures(conn->socks_request->address); client_dns_clear_failures(conn->socks_request->address);

View File

@ -76,7 +76,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
&entry) < 1) { &entry) < 1) {
log_warn(LD_REND, log_warn(LD_REND,
"query %s didn't have valid rend desc in cache. Failing.", "query %s didn't have valid rend desc in cache. Failing.",
escaped_safe_str(introcirc->rend_data->onion_address)); escaped_safe_str_client(introcirc->rend_data->onion_address));
goto err; goto err;
} }
@ -269,7 +269,7 @@ rend_client_introduction_acked(origin_circuit_t *circ,
extend_info = rend_client_get_random_intro(circ->rend_data); extend_info = rend_client_get_random_intro(circ->rend_data);
if (!extend_info) { if (!extend_info) {
log_warn(LD_REND, "No introduction points left for %s. Closing.", log_warn(LD_REND, "No introduction points left for %s. Closing.",
escaped_safe_str(circ->rend_data->onion_address)); escaped_safe_str_client(circ->rend_data->onion_address));
circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL); circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
return -1; return -1;
} }
@ -277,7 +277,7 @@ rend_client_introduction_acked(origin_circuit_t *circ,
log_info(LD_REND, log_info(LD_REND,
"Got nack for %s from %s. Re-extending circ %d, " "Got nack for %s from %s. Re-extending circ %d, "
"this time to %s.", "this time to %s.",
escaped_safe_str(circ->rend_data->onion_address), escaped_safe_str_client(circ->rend_data->onion_address),
circ->build_state->chosen_exit->nickname, circ->build_state->chosen_exit->nickname,
circ->_base.n_circ_id, extend_info->nickname); circ->_base.n_circ_id, extend_info->nickname);
result = circuit_extend_to_new_exit(circ, extend_info); result = circuit_extend_to_new_exit(circ, extend_info);
@ -285,7 +285,7 @@ rend_client_introduction_acked(origin_circuit_t *circ,
log_info(LD_REND, log_info(LD_REND,
"Got nack for %s from %s. Building a new introduction " "Got nack for %s from %s. Building a new introduction "
"circuit, this time to %s.", "circuit, this time to %s.",
escaped_safe_str(circ->rend_data->onion_address), escaped_safe_str_client(circ->rend_data->onion_address),
circ->build_state->chosen_exit->nickname, circ->build_state->chosen_exit->nickname,
extend_info->nickname); extend_info->nickname);
circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED); circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED);
@ -445,7 +445,7 @@ directory_get_from_hs_dir(const char *desc_id, const rend_data_t *rend_query)
rend_query->onion_address, desc_id_base32, rend_query->onion_address, desc_id_base32,
rend_query->auth_type, rend_query->auth_type,
(rend_query->auth_type == REND_NO_AUTH ? "[none]" : (rend_query->auth_type == REND_NO_AUTH ? "[none]" :
escaped_safe_str(descriptor_cookie_base64)), escaped_safe_str_client(descriptor_cookie_base64)),
hs_dir->nickname, hs_dir->dir_port); hs_dir->nickname, hs_dir->dir_port);
return 1; return 1;
} }
@ -474,7 +474,7 @@ rend_client_refetch_v2_renddesc(const rend_data_t *rend_query)
return; return;
} }
log_debug(LD_REND, "Fetching v2 rendezvous descriptor for service %s", log_debug(LD_REND, "Fetching v2 rendezvous descriptor for service %s",
safe_str(rend_query->onion_address)); safe_str_client(rend_query->onion_address));
/* Randomly iterate over the replicas until a descriptor can be fetched /* Randomly iterate over the replicas until a descriptor can be fetched
* from one of the consecutive nodes, or no options are left. */ * from one of the consecutive nodes, or no options are left. */
tries_left = REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; tries_left = REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS;
@ -522,12 +522,12 @@ rend_client_remove_intro_point(extend_info_t *failed_intro,
r = rend_cache_lookup_entry(rend_query->onion_address, -1, &ent); r = rend_cache_lookup_entry(rend_query->onion_address, -1, &ent);
if (r<0) { if (r<0) {
log_warn(LD_BUG, "Malformed service ID %s.", log_warn(LD_BUG, "Malformed service ID %s.",
escaped_safe_str(rend_query->onion_address)); escaped_safe_str_client(rend_query->onion_address));
return -1; return -1;
} }
if (r==0) { if (r==0) {
log_info(LD_REND, "Unknown service %s. Re-fetching descriptor.", log_info(LD_REND, "Unknown service %s. Re-fetching descriptor.",
escaped_safe_str(rend_query->onion_address)); escaped_safe_str_client(rend_query->onion_address));
rend_client_refetch_v2_renddesc(rend_query); rend_client_refetch_v2_renddesc(rend_query);
return 0; return 0;
} }
@ -545,7 +545,7 @@ rend_client_remove_intro_point(extend_info_t *failed_intro,
if (smartlist_len(ent->parsed->intro_nodes) == 0) { if (smartlist_len(ent->parsed->intro_nodes) == 0) {
log_info(LD_REND, log_info(LD_REND,
"No more intro points remain for %s. Re-fetching descriptor.", "No more intro points remain for %s. Re-fetching descriptor.",
escaped_safe_str(rend_query->onion_address)); escaped_safe_str_client(rend_query->onion_address));
rend_client_refetch_v2_renddesc(rend_query); rend_client_refetch_v2_renddesc(rend_query);
/* move all pending streams back to renddesc_wait */ /* move all pending streams back to renddesc_wait */
@ -559,7 +559,7 @@ rend_client_remove_intro_point(extend_info_t *failed_intro,
} }
log_info(LD_REND,"%d options left for %s.", log_info(LD_REND,"%d options left for %s.",
smartlist_len(ent->parsed->intro_nodes), smartlist_len(ent->parsed->intro_nodes),
escaped_safe_str(rend_query->onion_address)); escaped_safe_str_client(rend_query->onion_address));
return 1; return 1;
} }
@ -706,7 +706,7 @@ rend_client_desc_trynow(const char *query)
} else { /* 404, or fetch didn't get that far */ } else { /* 404, or fetch didn't get that far */
log_notice(LD_REND,"Closing stream for '%s.onion': hidden service is " log_notice(LD_REND,"Closing stream for '%s.onion': hidden service is "
"unavailable (try again later).", "unavailable (try again later).",
safe_str(query)); safe_str_client(query));
connection_mark_unattached_ap(conn, END_STREAM_REASON_RESOLVEFAILED); connection_mark_unattached_ap(conn, END_STREAM_REASON_RESOLVEFAILED);
} }
} SMARTLIST_FOREACH_END(_conn); } SMARTLIST_FOREACH_END(_conn);
@ -727,7 +727,7 @@ rend_client_get_random_intro(const rend_data_t *rend_query)
if (rend_cache_lookup_entry(rend_query->onion_address, -1, &entry) < 1) { if (rend_cache_lookup_entry(rend_query->onion_address, -1, &entry) < 1) {
log_warn(LD_REND, log_warn(LD_REND,
"Query '%s' didn't have valid rend desc in cache. Failing.", "Query '%s' didn't have valid rend desc in cache. Failing.",
safe_str(rend_query->onion_address)); safe_str_client(rend_query->onion_address));
return NULL; return NULL;
} }

View File

@ -126,7 +126,7 @@ rend_compute_v2_desc_id(char *desc_id_out, const char *service_id,
strlen(service_id) != REND_SERVICE_ID_LEN_BASE32) { strlen(service_id) != REND_SERVICE_ID_LEN_BASE32) {
log_warn(LD_REND, "Could not compute v2 descriptor ID: " log_warn(LD_REND, "Could not compute v2 descriptor ID: "
"Illegal service ID: %s", "Illegal service ID: %s",
safe_str_relay(service_id)); safe_str(service_id));
return -1; return -1;
} }
if (replica >= REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS) { if (replica >= REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS) {
@ -139,7 +139,7 @@ rend_compute_v2_desc_id(char *desc_id_out, const char *service_id,
service_id, REND_SERVICE_ID_LEN_BASE32) < 0) { service_id, REND_SERVICE_ID_LEN_BASE32) < 0) {
log_warn(LD_REND, "Could not compute v2 descriptor ID: " log_warn(LD_REND, "Could not compute v2 descriptor ID: "
"Illegal characters in service ID: %s", "Illegal characters in service ID: %s",
safe_str(service_id)); safe_str_client(service_id));
return -1; return -1;
} }
/* Calculate current time-period. */ /* Calculate current time-period. */
@ -835,7 +835,7 @@ rend_cache_clean_v2_descs_as_dir(void)
char key_base32[REND_DESC_ID_V2_LEN_BASE32 + 1]; char key_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
base32_encode(key_base32, sizeof(key_base32), key, DIGEST_LEN); base32_encode(key_base32, sizeof(key_base32), key, DIGEST_LEN);
log_info(LD_REND, "Removing descriptor with ID '%s' from cache", log_info(LD_REND, "Removing descriptor with ID '%s' from cache",
safe_str(key_base32)); safe_str_client(key_base32));
iter = digestmap_iter_next_rmv(rend_cache_v2_dir, iter); iter = digestmap_iter_next_rmv(rend_cache_v2_dir, iter);
_rend_cache_entry_free(ent); _rend_cache_entry_free(ent);
} else { } else {
@ -955,7 +955,7 @@ rend_cache_lookup_v2_desc_as_dir(const char *desc_id, const char **desc)
if (base32_decode(desc_id_digest, DIGEST_LEN, if (base32_decode(desc_id_digest, DIGEST_LEN,
desc_id, REND_DESC_ID_V2_LEN_BASE32) < 0) { desc_id, REND_DESC_ID_V2_LEN_BASE32) < 0) {
log_warn(LD_REND, "Descriptor ID contains illegal characters: %s", log_warn(LD_REND, "Descriptor ID contains illegal characters: %s",
safe_str_relay(desc_id)); safe_str(desc_id));
return -1; return -1;
} }
/* Determine if we are responsible. */ /* Determine if we are responsible. */
@ -1012,14 +1012,14 @@ rend_cache_store(const char *desc, size_t desc_len, int published)
if (parsed->timestamp < now-REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) { if (parsed->timestamp < now-REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) {
log_fn(LOG_PROTOCOL_WARN, LD_REND, log_fn(LOG_PROTOCOL_WARN, LD_REND,
"Service descriptor %s is too old.", "Service descriptor %s is too old.",
safe_str(query)); safe_str_client(query));
rend_service_descriptor_free(parsed); rend_service_descriptor_free(parsed);
return -2; return -2;
} }
if (parsed->timestamp > now+REND_CACHE_MAX_SKEW) { if (parsed->timestamp > now+REND_CACHE_MAX_SKEW) {
log_fn(LOG_PROTOCOL_WARN, LD_REND, log_fn(LOG_PROTOCOL_WARN, LD_REND,
"Service descriptor %s is too far in the future.", "Service descriptor %s is too far in the future.",
safe_str(query)); safe_str_client(query));
rend_service_descriptor_free(parsed); rend_service_descriptor_free(parsed);
return -2; return -2;
} }
@ -1027,7 +1027,7 @@ rend_cache_store(const char *desc, size_t desc_len, int published)
tor_snprintf(key, sizeof(key), "2%s", query); tor_snprintf(key, sizeof(key), "2%s", query);
if (!published && strmap_get_lc(rend_cache, key)) { if (!published && strmap_get_lc(rend_cache, key)) {
log_info(LD_REND, "We already have a v2 descriptor for service %s.", log_info(LD_REND, "We already have a v2 descriptor for service %s.",
safe_str(query)); safe_str_client(query));
rend_service_descriptor_free(parsed); rend_service_descriptor_free(parsed);
return -1; return -1;
} }
@ -1040,13 +1040,13 @@ rend_cache_store(const char *desc, size_t desc_len, int published)
if (e && e->parsed->timestamp > parsed->timestamp) { if (e && e->parsed->timestamp > parsed->timestamp) {
log_info(LD_REND,"We already have a newer service descriptor %s with the " log_info(LD_REND,"We already have a newer service descriptor %s with the "
"same ID and version.", "same ID and version.",
safe_str(query)); safe_str_client(query));
rend_service_descriptor_free(parsed); rend_service_descriptor_free(parsed);
return 0; return 0;
} }
if (e && e->len == desc_len && !memcmp(desc,e->desc,desc_len)) { if (e && e->len == desc_len && !memcmp(desc,e->desc,desc_len)) {
log_info(LD_REND,"We already have this service descriptor %s.", log_info(LD_REND,"We already have this service descriptor %s.",
safe_str(query)); safe_str_client(query));
e->received = time(NULL); e->received = time(NULL);
rend_service_descriptor_free(parsed); rend_service_descriptor_free(parsed);
return 0; return 0;
@ -1069,7 +1069,7 @@ rend_cache_store(const char *desc, size_t desc_len, int published)
memcpy(e->desc, desc, desc_len); memcpy(e->desc, desc, desc_len);
log_debug(LD_REND,"Successfully stored rend desc '%s', len %d.", log_debug(LD_REND,"Successfully stored rend desc '%s', len %d.",
safe_str(query), (int)desc_len); safe_str_client(query), (int)desc_len);
return 1; return 1;
} }
@ -1120,20 +1120,20 @@ rend_cache_store_v2_desc_as_dir(const char *desc)
if (!hid_serv_responsible_for_desc_id(desc_id)) { if (!hid_serv_responsible_for_desc_id(desc_id)) {
log_info(LD_REND, "Service descriptor with desc ID %s is not in " log_info(LD_REND, "Service descriptor with desc ID %s is not in "
"interval that we are responsible for.", "interval that we are responsible for.",
safe_str(desc_id_base32)); safe_str_client(desc_id_base32));
goto skip; goto skip;
} }
/* Is descriptor too old? */ /* Is descriptor too old? */
if (parsed->timestamp < now - REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) { if (parsed->timestamp < now - REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) {
log_info(LD_REND, "Service descriptor with desc ID %s is too old.", log_info(LD_REND, "Service descriptor with desc ID %s is too old.",
safe_str_relay(desc_id_base32)); safe_str(desc_id_base32));
goto skip; goto skip;
} }
/* Is descriptor too far in the future? */ /* Is descriptor too far in the future? */
if (parsed->timestamp > now + REND_CACHE_MAX_SKEW) { if (parsed->timestamp > now + REND_CACHE_MAX_SKEW) {
log_info(LD_REND, "Service descriptor with desc ID %s is too far in the " log_info(LD_REND, "Service descriptor with desc ID %s is too far in the "
"future.", "future.",
safe_str_relay(desc_id_base32)); safe_str(desc_id_base32));
goto skip; goto skip;
} }
/* Do we already have a newer descriptor? */ /* Do we already have a newer descriptor? */
@ -1141,13 +1141,13 @@ rend_cache_store_v2_desc_as_dir(const char *desc)
if (e && e->parsed->timestamp > parsed->timestamp) { if (e && e->parsed->timestamp > parsed->timestamp) {
log_info(LD_REND, "We already have a newer service descriptor with the " log_info(LD_REND, "We already have a newer service descriptor with the "
"same desc ID %s and version.", "same desc ID %s and version.",
safe_str_relay(desc_id_base32)); safe_str(desc_id_base32));
goto skip; goto skip;
} }
/* Do we already have this descriptor? */ /* Do we already have this descriptor? */
if (e && !strcmp(desc, e->desc)) { if (e && !strcmp(desc, e->desc)) {
log_info(LD_REND, "We already have this service descriptor with desc " log_info(LD_REND, "We already have this service descriptor with desc "
"ID %s.", safe_str_relay(desc_id_base32)); "ID %s.", safe_str(desc_id_base32));
e->received = time(NULL); e->received = time(NULL);
goto skip; goto skip;
} }
@ -1165,7 +1165,7 @@ rend_cache_store_v2_desc_as_dir(const char *desc)
e->len = encoded_size; e->len = encoded_size;
log_info(LD_REND, "Successfully stored service descriptor with desc ID " log_info(LD_REND, "Successfully stored service descriptor with desc ID "
"'%s' and len %d.", "'%s' and len %d.",
safe_str_relay(desc_id_base32), (int)encoded_size); safe_str(desc_id_base32), (int)encoded_size);
number_stored++; number_stored++;
goto advance; goto advance;
skip: skip:
@ -1285,14 +1285,14 @@ rend_cache_store_v2_desc_as_client(const char *desc,
/* Is descriptor too old? */ /* Is descriptor too old? */
if (parsed->timestamp < now - REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) { if (parsed->timestamp < now - REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) {
log_warn(LD_REND, "Service descriptor with service ID %s is too old.", log_warn(LD_REND, "Service descriptor with service ID %s is too old.",
safe_str(service_id)); safe_str_client(service_id));
retval = -2; retval = -2;
goto err; goto err;
} }
/* Is descriptor too far in the future? */ /* Is descriptor too far in the future? */
if (parsed->timestamp > now + REND_CACHE_MAX_SKEW) { if (parsed->timestamp > now + REND_CACHE_MAX_SKEW) {
log_warn(LD_REND, "Service descriptor with service ID %s is too far in " log_warn(LD_REND, "Service descriptor with service ID %s is too far in "
"the future.", safe_str(service_id)); "the future.", safe_str_client(service_id));
retval = -2; retval = -2;
goto err; goto err;
} }
@ -1300,7 +1300,7 @@ rend_cache_store_v2_desc_as_client(const char *desc,
tor_snprintf(key, sizeof(key), "0%s", service_id); tor_snprintf(key, sizeof(key), "0%s", service_id);
if (strmap_get_lc(rend_cache, key)) { if (strmap_get_lc(rend_cache, key)) {
log_info(LD_REND, "We already have a v0 descriptor for service ID %s.", log_info(LD_REND, "We already have a v0 descriptor for service ID %s.",
safe_str(service_id)); safe_str_client(service_id));
retval = -1; retval = -1;
goto err; goto err;
} }
@ -1310,14 +1310,14 @@ rend_cache_store_v2_desc_as_client(const char *desc,
if (e && e->parsed->timestamp > parsed->timestamp) { if (e && e->parsed->timestamp > parsed->timestamp) {
log_info(LD_REND, "We already have a newer service descriptor for " log_info(LD_REND, "We already have a newer service descriptor for "
"service ID %s with the same desc ID and version.", "service ID %s with the same desc ID and version.",
safe_str(service_id)); safe_str_client(service_id));
retval = 0; retval = 0;
goto err; goto err;
} }
/* Do we already have this descriptor? */ /* Do we already have this descriptor? */
if (e && !strcmp(desc, e->desc)) { if (e && !strcmp(desc, e->desc)) {
log_info(LD_REND,"We already have this service descriptor %s.", log_info(LD_REND,"We already have this service descriptor %s.",
safe_str(service_id)); safe_str_client(service_id));
e->received = time(NULL); e->received = time(NULL);
retval = 0; retval = 0;
goto err; goto err;
@ -1335,7 +1335,7 @@ rend_cache_store_v2_desc_as_client(const char *desc,
strlcpy(e->desc, desc, encoded_size + 1); strlcpy(e->desc, desc, encoded_size + 1);
e->len = encoded_size; e->len = encoded_size;
log_debug(LD_REND,"Successfully stored rend desc '%s', len %d.", log_debug(LD_REND,"Successfully stored rend desc '%s', len %d.",
safe_str(service_id), (int)encoded_size); safe_str_client(service_id), (int)encoded_size);
return 1; return 1;
err: err:

View File

@ -89,7 +89,7 @@ rend_mid_establish_intro(or_circuit_t *circ, const char *request,
c = NULL; c = NULL;
while ((c = circuit_get_intro_point(pk_digest))) { while ((c = circuit_get_intro_point(pk_digest))) {
log_info(LD_REND, "Replacing old circuit for service %s", log_info(LD_REND, "Replacing old circuit for service %s",
safe_str_relay(serviceid)); safe_str(serviceid));
circuit_mark_for_close(TO_CIRCUIT(c), END_CIRC_REASON_FINISHED); circuit_mark_for_close(TO_CIRCUIT(c), END_CIRC_REASON_FINISHED);
/* Now it's marked, and it won't be returned next time. */ /* Now it's marked, and it won't be returned next time. */
} }
@ -108,7 +108,7 @@ rend_mid_establish_intro(or_circuit_t *circ, const char *request,
log_info(LD_REND, log_info(LD_REND,
"Established introduction point on circuit %d for service %s", "Established introduction point on circuit %d for service %s",
circ->p_circ_id, safe_str_relay(serviceid)); circ->p_circ_id, safe_str(serviceid));
return 0; return 0;
truncated: truncated:
@ -162,14 +162,14 @@ rend_mid_introduce(or_circuit_t *circ, const char *request, size_t request_len)
log_info(LD_REND, log_info(LD_REND,
"No intro circ found for INTRODUCE1 cell (%s) from circuit %d; " "No intro circ found for INTRODUCE1 cell (%s) from circuit %d; "
"responding with nack.", "responding with nack.",
safe_str_relay(serviceid), circ->p_circ_id); safe_str(serviceid), circ->p_circ_id);
goto err; goto err;
} }
log_info(LD_REND, log_info(LD_REND,
"Sending introduction request for service %s " "Sending introduction request for service %s "
"from circ %d to circ %d", "from circ %d to circ %d",
safe_str_relay(serviceid), circ->p_circ_id, safe_str(serviceid), circ->p_circ_id,
intro_circ->p_circ_id); intro_circ->p_circ_id);
/* Great. Now we just relay the cell down the circuit. */ /* Great. Now we just relay the cell down the circuit. */

View File

@ -458,7 +458,7 @@ rend_config_services(or_options_t *options, int validate_only)
if (keep_it) if (keep_it)
continue; continue;
log_info(LD_REND, "Closing intro point %s for service %s.", log_info(LD_REND, "Closing intro point %s for service %s.",
safe_str(oc->build_state->chosen_exit->nickname), safe_str_client(oc->build_state->chosen_exit->nickname),
oc->rend_data->onion_address); oc->rend_data->onion_address);
circuit_mark_for_close(circ, END_CIRC_REASON_FINISHED); circuit_mark_for_close(circ, END_CIRC_REASON_FINISHED);
/* XXXX Is there another reason we should use here? */ /* XXXX Is there another reason we should use here? */
@ -1015,7 +1015,7 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request,
router = router_get_by_nickname(rp_nickname, 0); router = router_get_by_nickname(rp_nickname, 0);
if (!router) { if (!router) {
log_info(LD_REND, "Couldn't find router %s named in introduce2 cell.", log_info(LD_REND, "Couldn't find router %s named in introduce2 cell.",
escaped_safe_str(rp_nickname)); escaped_safe_str_client(rp_nickname));
/* XXXX Add a no-such-router reason? */ /* XXXX Add a no-such-router reason? */
reason = END_CIRC_REASON_TORPROTOCOL; reason = END_CIRC_REASON_TORPROTOCOL;
goto err; goto err;
@ -1117,7 +1117,7 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request,
if (!launched) { /* give up */ if (!launched) { /* give up */
log_warn(LD_REND, "Giving up launching first hop of circuit to rendezvous " log_warn(LD_REND, "Giving up launching first hop of circuit to rendezvous "
"point %s for service %s.", "point %s for service %s.",
escaped_safe_str(extend_info->nickname), escaped_safe_str_client(extend_info->nickname),
serviceid); serviceid);
reason = END_CIRC_REASON_CONNECTFAILED; reason = END_CIRC_REASON_CONNECTFAILED;
goto err; goto err;
@ -1125,7 +1125,7 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request,
log_info(LD_REND, log_info(LD_REND,
"Accepted intro; launching circuit to %s " "Accepted intro; launching circuit to %s "
"(cookie %s) for service %s.", "(cookie %s) for service %s.",
escaped_safe_str(extend_info->nickname), escaped_safe_str_client(extend_info->nickname),
hexcookie, serviceid); hexcookie, serviceid);
tor_assert(launched->build_state); tor_assert(launched->build_state);
/* Fill in the circuit's state. */ /* Fill in the circuit's state. */
@ -1221,7 +1221,7 @@ rend_service_launch_establish_intro(rend_service_t *service,
log_info(LD_REND, log_info(LD_REND,
"Launching circuit to introduction point %s for service %s", "Launching circuit to introduction point %s for service %s",
escaped_safe_str(intro->extend_info->nickname), escaped_safe_str_client(intro->extend_info->nickname),
service->service_id); service->service_id);
rep_hist_note_used_internal(time(NULL), 1, 0); rep_hist_note_used_internal(time(NULL), 1, 0);
@ -1234,7 +1234,7 @@ rend_service_launch_establish_intro(rend_service_t *service,
if (!launched) { if (!launched) {
log_info(LD_REND, log_info(LD_REND,
"Can't launch circuit to establish introduction at %s.", "Can't launch circuit to establish introduction at %s.",
escaped_safe_str(intro->extend_info->nickname)); escaped_safe_str_client(intro->extend_info->nickname));
return -1; return -1;
} }
@ -1582,8 +1582,8 @@ directory_post_to_hs_dir(rend_service_descriptor_t *renddesc,
"service '%s' with descriptor ID '%s' with validity " "service '%s' with descriptor ID '%s' with validity "
"of %d seconds to hidden service directory '%s' on " "of %d seconds to hidden service directory '%s' on "
"%s:%d.", "%s:%d.",
safe_str(service_id), safe_str_client(service_id),
safe_str(desc_id_base32), safe_str_client(desc_id_base32),
seconds_valid, seconds_valid,
hs_dir->nickname, hs_dir->nickname,
hs_dir_ip, hs_dir_ip,
@ -1955,7 +1955,7 @@ rend_service_dump_stats(int severity)
service->directory); service->directory);
for (j=0; j < smartlist_len(service->intro_nodes); ++j) { for (j=0; j < smartlist_len(service->intro_nodes); ++j) {
intro = smartlist_get(service->intro_nodes, j); intro = smartlist_get(service->intro_nodes, j);
safe_name = safe_str(intro->extend_info->nickname); safe_name = safe_str_client(intro->extend_info->nickname);
circ = find_intro_circuit(intro, service->pk_digest); circ = find_intro_circuit(intro, service->pk_digest);
if (!circ) { if (!circ) {