ProtocolWarnings 1 results in unsafe logs even with SafeLogging 1
Mike Perry wrote:
The vast majority of cases scrub addresses properly, like other logs, unless SafeLogging is also disabled (which is not the default). I found four places that ignored this convention and printed IP addresses directly:
- When a TLS connection gets stuck, won't write, and has to be closed
- When a relay tries to connect to you and says it is at your address, its address is dumped
- When an onion service client tries to tell an onion service to connect to an RFC1918 addr, that address is dumped
- When an exit gives a client an IP address that is not IPv4 or IPv6, the client dumps that destination address