[Pkg-privacy-commits] [obfs4proxy] 87/151: Elide the error out from most logs unless unsafeLogging is set.
Ximin Luo
infinity0 at moszumanska.debian.org
Sat Aug 22 12:59:42 UTC 2015
This is an automated email from the git hooks/post-receive script.
infinity0 pushed a commit to branch master
in repository obfs4proxy.
commit 596cc8507340a1233defe5bf88e6e2a400cc7f9f
Author: Yawning Angel <yawning at torproject.org>
Date: Wed Aug 20 22:44:07 2014 +0000
Elide the error out from most logs unless unsafeLogging is set.
The Golang runtime will happily splatter the remote IP address and port
in the error's string representation for network related errors. While
useful for debugging, this is unacceptable from a privacy standpoint.
---
obfs4proxy/obfs4proxy.go | 34 +++++++++++++++++++++++++++-------
1 file changed, 27 insertions(+), 7 deletions(-)
diff --git a/obfs4proxy/obfs4proxy.go b/obfs4proxy/obfs4proxy.go
index 8820127..7ba0e93 100644
--- a/obfs4proxy/obfs4proxy.go
+++ b/obfs4proxy/obfs4proxy.go
@@ -167,7 +167,11 @@ func clientHandler(f base.ClientFactory, conn *pt.SocksConn, proxyURI *url.URL)
// the configuration phase.
dialer, err := proxy.FromURL(proxyURI, proxy.Direct)
if err != nil {
- log.Printf("[ERROR]: %s(%s) - failed to obtain proxy dialer: %s", name, addrStr, err)
+ if unsafeLogging {
+ log.Printf("[ERROR]: %s(%s) - failed to obtain proxy dialer: %s", name, addrStr, err)
+ } else {
+ log.Printf("[ERROR]: %s(%s) - failed to obtain proxy dialer", name, addrStr)
+ }
conn.Reject()
return
}
@@ -191,18 +195,26 @@ func clientHandler(f base.ClientFactory, conn *pt.SocksConn, proxyURI *url.URL)
// bytes back and forth.
remote, err := f.WrapConn(remoteConn, args)
if err != nil {
- log.Printf("[ERROR]: %s(%s) - handshake failed: %s", name, addrStr, err)
+ if unsafeLogging {
+ log.Printf("[ERROR]: %s(%s) - handshake failed: %s", name, addrStr, err)
+ } else {
+ log.Printf("[ERROR]: %s(%s) - handshake failed", name, addrStr)
+ }
conn.Reject()
return
}
err = conn.Grant(remoteConn.RemoteAddr().(*net.TCPAddr))
if err != nil {
- log.Printf("[ERROR]: %s(%s) - SOCKS grant failed: %s", name, addrStr, err)
+ if unsafeLogging {
+ log.Printf("[ERROR]: %s(%s) - SOCKS grant failed: %s", name, addrStr, err)
+ } else {
+ log.Printf("[ERROR]: %s(%s) - SOCKS grant failed", name, addrStr)
+ }
return
}
err = copyLoop(conn, remote)
- if err != nil {
+ if err != nil && unsafeLogging {
log.Printf("[INFO]: %s(%s) - closed connection: %s", name, addrStr, err)
} else {
log.Printf("[INFO]: %s(%s) - closed connection", name, addrStr)
@@ -282,20 +294,28 @@ func serverHandler(f base.ServerFactory, conn net.Conn, info *pt.ServerInfo) {
// Instantiate the server transport method and handshake.
remote, err := f.WrapConn(conn)
if err != nil {
- log.Printf("[ERROR]: %s(%s) - handshake failed: %s", name, addrStr, err)
+ if unsafeLogging {
+ log.Printf("[ERROR]: %s(%s) - handshake failed: %s", name, addrStr, err)
+ } else {
+ log.Printf("[ERROR]: %s(%s) - handshake failed", name, addrStr)
+ }
return
}
// Connect to the orport.
orConn, err := pt.DialOr(info, conn.RemoteAddr().String(), name)
if err != nil {
- log.Printf("[ERROR]: %s(%s) - failed to connect to ORPort: %s", name, addrStr, err)
+ if unsafeLogging {
+ log.Printf("[ERROR]: %s(%s) - failed to connect to ORPort: %s", name, addrStr, err)
+ } else {
+ log.Printf("[ERROR]: %s(%s) - failed to connect to ORPort", name, addrStr)
+ }
return
}
defer orConn.Close()
err = copyLoop(orConn, remote)
- if err != nil {
+ if err != nil && unsafeLogging {
log.Printf("[INFO]: %s(%s) - closed connection: %s", name, addrStr, err)
} else {
log.Printf("[INFO]: %s(%s) - closed connection", name, addrStr)
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/obfs4proxy.git
More information about the Pkg-privacy-commits
mailing list