json-rpc: Check for unprintable characters in JSON-RPC commands

As reported by @practicalswift in #945 it is possible to inject
non-printable, or shell escape, characters in a json command, that
will fail to parse and then clear the shell.

Reported-by: @practicalswift
Signed-off-by: Christian Decker <decker.christian@gmail.com>
Christian Decker 2018-02-08 21:05:29 +01:00
parent 16004684c9
commit e92e26f84d


@ -256,6 +256,12 @@ void logv(struct log *log, enum log_level level, const char *fmt, va_list ap)
struct log_entry *l = new_log_entry(log, level);
l->log = tal_vfmt(l, fmt, ap);
/* Sanitize any non-printable characters, and replace with '?' */
for (size_t i=0; i<strlen(l->log); i++)
if (l->log[i] < ' ' || l->log[i] >= 0x7f)
l->log[i] = '?';
maybe_print(log, l, 0);
add_entry(log, l);
@ -289,6 +295,12 @@ void logv_add(struct log *log, const char *fmt, va_list ap)
list_del_from(&log->lr->log, &l->list);
tal_append_vfmt(&l->log, fmt, ap);
/* Sanitize any non-printable characters, and replace with '?' */
for (size_t i=oldlen; i<strlen(l->log); i++)
if (l->log[i] < ' ' || l->log[i] >= 0x7f)
l->log[i] = '?';
add_entry(log, l);
maybe_print(log, l, oldlen);
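Review bot: Both sanitizing loops call `strlen(l->log)` in the loop condition, and because the body writes into that same buffer the compiler is unlikely to hoist the call, so each pass is quadratic in the length of a message that, going by the commit description, can contain text taken from a JSON-RPC command. The same three lines are duplicated in logv and logv_add; a small static helper that takes the start offset and walks to the terminator would remove both the duplication and the repeated scan. Replacing every byte outside 0x20–0x7e with '?' also discards which bytes were actually sent (and flattens tabs, newlines and any UTF-8 text), which may matter when the log is used to investigate a malformed request; an escaped form such as `\xNN` would keep that evidence, at the cost of resizing the string. Both functions begin and end outside the hunks shown, so the definition of `oldlen` is assumed to be the pre-append length of `l->log`.

```c
/* Replace every byte outside printable ASCII with '?', starting at offset `from`. */
static void sanitize_printable(char *s, size_t from)
{
	for (char *p = s + from; *p; p++) {
		if (*p < ' ' || *p >= 0x7f)
			*p = '?';
	}
}

/* … unchanged: logv up to tal_vfmt … */
sanitize_printable(l->log, 0);

/* … unchanged: logv_add up to tal_append_vfmt … */
sanitize_printable(l->log, oldlen);
```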