Merge remote-tracking branch 'tor-github/pr/1343' into maint-0.3.5

6bfdd096 · teor · 15d67842 · bf4a27c0 · 6bfdd096 · 6bfdd096
Unverified Commit 6bfdd096 authored 5 years ago by teor
--- a/changes/ticket31466
+++ b/changes/ticket31466
+  o Minor bugfixes (logging):
+    - Rate-limit our the logging message about the obsolete .exit notation.
+      Previously, there was no limit on this warning, which could potentially
+      be triggered many times by a hostile website. Fixes bug 31466;
+      bugfix on 0.2.2.1-alpha.
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -1598,8 +1598,10 @@ connection_ap_handshake_rewrite(entry_connection_t *conn,
   * disallowed when they're coming straight from the client, but you're
   * allowed to have them in MapAddress commands and so forth. */
  if (!strcmpend(socks->address, ".exit")) {
-    log_warn(LD_APP, "The  \".exit\" notation is disabled in Tor due to "
+    static ratelim_t exit_warning_limit = RATELIM_INIT(60*15);
-             "security risks.");
+    log_fn_ratelim(&exit_warning_limit, LOG_WARN, LD_APP,
+                   "The  \".exit\" notation is disabled in Tor due to "
+                   "security risks.");
    control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
                                escaped(socks->address));
    out->end_reason = END_STREAM_REASON_TORPROTOCOL;