1257875 – tor: Logging malformed hostnames in socks5 requests leaks sensitive information

Bug 1257875 - tor: Logging malformed hostnames in socks5 requests leaks sensitive information

Summary: tor: Logging malformed hostnames in socks5 requests leaks sensitive information

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1257877 1257878
Blocks:
TreeView+	depends on / blocked

Reported:	2015-08-28 10:02 UTC by Adam Mariš
Modified:	2020-11-05 10:33 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-01-10 18:06:30 UTC
Embargoed:

Attachments	(Terms of Use)

Description Adam Mariš 2015-08-28 10:02:30 UTC

A bug was found in src/or/buffers.c::parse_socks(), where escaped() function on the request address is used rather than escaped_safe_str_client(). When a socks5 client application sends a request with a malformed hostname, the full hostaname is logged, while rejecting the connection, instead of logging [scrubbed] name, respecting the SafeLogging configuration.

Upstream patch:

https://gitweb.torproject.org/tor.git/commit/?id=19df037e53331ae528b876f225be08f198e0f8b6

Comment 1 Adam Mariš 2015-08-28 10:03:23 UTC

Created tor tracking bugs for this issue:

Affects: fedora-all [bug 1257877]
Affects: epel-all [bug 1257878]

Note You need to log in before you can comment on or make changes to this bug.