Home Explore Help
Sign In
sengler
/
tor-parallel-relay-conn
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge remote-tracking branch 'dgoulet/bug27550_033_01' into maint-0.3.3

Nick Mathewson 6 years ago
parent
db3acb3aa3 18085abfcc
commit
34e4d5a783
4 changed files with 12 additions and 8 deletions
Unified View Show Diff Stats
  1. 5 0
      changes/ticket27550
  2. 1 1
      src/or/directory.c
  3. 0 4
      src/or/hs_client.c
  4. 6 3
      src/or/hs_descriptor.c

+ 5 - 0
changes/ticket27550
View File 

@@ -0,0 +1,5 @@
 
+  o Minor bugfixes (hidden service v3):
 
+    - Don't warn so loudly when tor is unable to decode a descriptor. This can
 
+      now happen as a normal use case if a client gets a descriptor with
 
+      client authorization but the client is not authorized. Fixes bug 27550;
 
+      bugfix on 0.3.5.1-alpha.

+ 1 - 1
src/or/directory.c
View File 

@@ -3091,7 +3091,7 @@ handle_response_fetch_hsdesc_v3(dir_connection_t *conn,
 
   case 200:
 
   case 200:
 
     /* We got something: Try storing it in the cache. */
 
     /* We got something: Try storing it in the cache. */
 
     if (hs_cache_store_as_client(body, &conn->hs_ident->identity_pk) < 0) {
 
     if (hs_cache_store_as_client(body, &conn->hs_ident->identity_pk) < 0) {
 
-      log_warn(LD_REND, "Failed to store hidden service descriptor");
 
+      log_info(LD_REND, "Failed to store hidden service descriptor");
 
       /* Fire control port FAILED event. */
 
       /* Fire control port FAILED event. */
 
       hs_control_desc_event_failed(conn->hs_ident, conn->identity_digest,
 
       hs_control_desc_event_failed(conn->hs_ident, conn->identity_digest,
 
                                    "BAD_DESC");
 
                                    "BAD_DESC");

+ 0 - 4
src/or/hs_client.c
View File 

@@ -1225,10 +1225,6 @@ hs_client_decode_descriptor(const char *desc_str,
 
   ret = hs_desc_decode_descriptor(desc_str, subcredential, desc);
 
   ret = hs_desc_decode_descriptor(desc_str, subcredential, desc);
 
   memwipe(subcredential, 0, sizeof(subcredential));
 
   memwipe(subcredential, 0, sizeof(subcredential));
 
   if (ret < 0) {
 
   if (ret < 0) {
 
-    log_warn(LD_GENERAL, "Could not parse received descriptor as client.");
 
-    if (get_options()->SafeLogging_ == SAFELOG_SCRUB_NONE) {
 
-      log_warn(LD_GENERAL, "%s", escaped(desc_str));
 
-    }
 
     goto err;
 
     goto err;
 
   }
 
   }

+ 6 - 3
src/or/hs_descriptor.c
View File 

@@ -1361,7 +1361,7 @@ decrypt_desc_layer,(const hs_descriptor_t *desc,
 
    * This is a critical check that is making sure the computed MAC matches the
 
    * This is a critical check that is making sure the computed MAC matches the
 
    * one in the descriptor. */
 
    * one in the descriptor. */
 
   if (!tor_memeq(our_mac, desc_mac, sizeof(our_mac))) {
 
   if (!tor_memeq(our_mac, desc_mac, sizeof(our_mac))) {
 
-    log_warn(LD_REND, "Encrypted service descriptor MAC check failed");
 
+    log_info(LD_REND, "Encrypted service descriptor MAC check failed");
 
     goto err;
 
     goto err;
 
   }
 
   }
 
 
 
@@ -1544,7 +1544,6 @@ desc_decrypt_all(const hs_descriptor_t *desc, char **decrypted_out)
 
                                         superencrypted_len,
 
                                         superencrypted_len,
 
                                         &encrypted_blob);
 
                                         &encrypted_blob);
 
   if (!encrypted_len) {
 
   if (!encrypted_len) {
 
-    log_warn(LD_REND, "Decrypting encrypted desc failed.");
 
     goto err;
 
     goto err;
 
   }
 
   }
 
   tor_assert(encrypted_blob);
 
   tor_assert(encrypted_blob);
 
@@ -2046,7 +2045,11 @@ desc_decode_encrypted_v3(const hs_descriptor_t *desc,
 
    * in the descriptor as a blob of bytes. */
 
    * in the descriptor as a blob of bytes. */
 
   message_len = desc_decrypt_all(desc, &message);
 
   message_len = desc_decrypt_all(desc, &message);
 
   if (!message_len) {
 
   if (!message_len) {
 
-    log_warn(LD_REND, "Service descriptor decryption failed.");
 
+    /* Inform at notice level that the onion address requested can't be
 
+     * reached without client authorization most likely. */
 
+    log_notice(LD_REND, "Fail to decrypt descriptor for requested onion "
 
+                        "address. It is likely requiring client "
 
+                        "authorization.");
 
     goto err;
 
     goto err;
 
   }
 
   }
 
   tor_assert(message);
 
   tor_assert(message);