diff options
| author | Wladimir J. van der Laan <[email protected]> | 2019-10-16 16:04:16 +0200 |
|---|---|---|
| committer | Wladimir J. van der Laan <[email protected]> | 2019-10-16 16:04:27 +0200 |
| commit | c34b88620dc8435b83e6744895f2ecd3c9ec8de7 (patch) | |
| tree | 367583dd9b4d903342c0ab551880eb44fca6a086 /src/interfaces/node.cpp | |
| parent | Merge #17131: rpc: fix -rpcclienttimeout 0 option (diff) | |
| parent | util: Filter control characters out of log messages (diff) | |
| download | discoin-c34b88620dc8435b83e6744895f2ecd3c9ec8de7.tar.xz discoin-c34b88620dc8435b83e6744895f2ecd3c9ec8de7.zip | |
Merge #17095: util: Filter control characters out of log messages
d7820a1250070f3640246ae497e049bee0b3516f util: Filter control characters out of log messages (Wladimir J. van der Laan)
Pull request description:
Belts and suspenders: make sure outgoing log messages don't contain potentially suspicious characters, such as terminal control codes.
This escapes control characters except newline ('\n') in C syntax. It escapes instead of removes them to still allow for troubleshooting issues where they accidentally end up in strings (it is a debug log, after all).
(more checks could be added such as UTF-8 validity and unicode code-point range checking—this is substantially more involved and would need to keep track of state between characters and even `LogPrint` calls as they could end up split up—but escape codes seem to be the most common attack vector for terminals.)
ACKs for top commit:
practicalswift:
ACK d7820a1250070f3640246ae497e049bee0b3516f - tested and works as expected :)
Tree-SHA512: 0806265addebdcec1062a6def3e903555e62ba5e93967ce9ee6943d16462a222b3f41135a5bff0a76966ae9e7ed75f211d7785bceda788ae0b0654bf3fd891bf
Diffstat (limited to 'src/interfaces/node.cpp')
0 files changed, 0 insertions, 0 deletions