hs-v2: Only log once the connection warning to v2
authorDavid Goulet <dgoulet@torproject.org>
Mon, 4 Oct 2021 18:36:05 +0000 (14:36 -0400)
committerDavid Goulet <dgoulet@torproject.org>
Wed, 6 Oct 2021 17:22:02 +0000 (13:22 -0400)
Closes #40474

Signed-off-by: David Goulet <dgoulet@torproject.org>
changes/ticket40474 [new file with mode: 0644]
src/core/or/connection_edge.c

diff --git a/changes/ticket40474 b/changes/ticket40474
new file mode 100644 (file)
index 0000000..d2a7231
--- /dev/null
@@ -0,0 +1,5 @@
+  o Minor bugfixes (onion service, TROVE-2021-008):
+    - Only log once any v2 access attempts in order to not pollute the logs
+      with warnings and avoid recording the times on disk when v2 access was
+      attempted. Important to note that the onion address was _never_ logged.
+      That is a Low security issue. Fixes bug 40474; bugfix on 0.4.5.8.
index 6f6f22a0d4c3de87dcb42c9fe9683ba379ff4135..d3979b3a7ecb836b9530c92275315a3588118918 100644 (file)
@@ -2530,10 +2530,15 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
 
     /* We don't support v2 onions anymore. Log a warning and bail. */
     if (addresstype == ONION_V2_HOSTNAME) {
-      log_warn(LD_PROTOCOL, "Tried to connect to a v2 onion address, but this "
-               "version of Tor no longer supports them. Please encourage the "
-               "site operator to upgrade. For more information see "
-               "https://blog.torproject.org/v2-deprecation-timeline.");
+      static bool log_once = false;
+      if (!log_once) {
+        log_warn(LD_PROTOCOL, "Tried to connect to a v2 onion address, but "
+                 "this version of Tor no longer supports them. Please "
+                 "encourage the site operator to upgrade. For more "
+                 "information see "
+                 "https://blog.torproject.org/v2-deprecation-timeline.");
+        log_once = true;
+      }
       control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
                                   escaped(socks->address));
       /* Send back the 0xF6 extended code indicating a bad hostname. This is
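Review bot: The comment above the v2 check still says "Log a warning and bail", and nothing next to `static bool log_once` records that the suppression is a privacy measure as well as noise reduction, so a later cleanup could undo it. I would replace the comment with `/* We don't support v2 onions anymore. Warn only once per process so the log does not record when each v2 access was attempted (TROVE-2021-008), then bail. */`. The `control_event_client_status(...)` call sits outside the `if (!log_once)` guard and so still fires on every attempt with `HOSTNAME=%s`. That is presumably intended for controllers, but the comment should say so, since anything that persists those events would keep the per-attempt record the log no longer has. The flag would read more naturally as `logged_once`; the body of connection_ap_handshake_rewrite_and_attach starts and ends outside this hunk.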