author | Werner Koch <wk@gnupg.org> | 2018-12-06 11:13:18 +0100 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2018-12-06 11:19:48 +0100 |
commit | b7fae45c24cccb9898c6d5a3a633897afb4649dc (patch) | |
tree | 88d822c6be428e30c06526a65d2751a10a2c370c /tests | |
parent | f4d139b399e1e5044fe6bb0ceecd4c72e63dac94 (diff) | |
logging: Escape controls in string arguments of log_ functions.
* src/logging.c (struct fmt_string_filter_s): New.
(fmt_string_filter): New.
(_gpgrt_logv_internal): Use the filter.
--
This change has two advantages: a) There is no more need to first
escape string arguments before passing them to a log function and b)
you can't forget to do the escaping, and thus attacks that use diagnostic
output to trick users won't work. The drawback is that you see \n
instead of a real LF and under Windows the backslashes in file names are
doubled.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/t-logging.c | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/tests/t-logging.c b/tests/t-logging.c
index e0f5e2a..a1783ef 100644
--- a/tests/t-logging.c
+++ b/tests/t-logging.c
@@ -120,6 +120,38 @@ check_log_info (void)
 "and 3\n")))
 fail ("log_info test failed at line %d\n", __LINE__);
 free (logbuf);
+
+ /* With arguments. */
+ log_info ("file '%s' line %d: %s\n", "/foo/bar.txt", 20, "not found");
+ logbuf = log_to_string ();
+ if (strcmp (logbuf, "t-logging: file '/foo/bar.txt' line 20: not found\n"))
+ fail ("log_info test failed at line %d\n", __LINE__);
+ free (logbuf);
+
+ /* With arguments and a control char in the string arg. */
+ log_info ("file '%s' line %d: %s\n", "/foo/bar.txt\b", 20, "not found");
+ logbuf = log_to_string ();
+ if (strcmp (logbuf,
+ "t-logging: file '/foo/bar.txt\\b' line 20: not found\n"))
+ fail ("log_info test failed at line %d\n", __LINE__);
+ free (logbuf);
+
+ /* With arguments and the prefix in a string arg. */
+ log_info ("file '%s': %s\n", "/foo/bar.txt\nt-logging", "not \x01 found");
+ logbuf = log_to_string ();
+ if (strcmp (logbuf,
+ "t-logging: file '/foo/bar.txt\\nt-logging': not \\x01 found\n"))
+ fail ("log_info test failed at line %d\n", __LINE__);
+
+ /* With arguments and byte with bit 7 set in a string arg. */
+ log_info ("file '%s': %s\n", "/foo/bar.txt\n", "not \x81 found");
+ logbuf = log_to_string ();
+ if (strcmp (logbuf,
+ "t-logging: file '/foo/bar.txt\\n': not \x81 found\n"))
+ fail ("log_info test failed at line %d\n", __LINE__);
+ /* show ("===>%s<===\n", logbuf); */
+
+ free (logbuf);
 } |
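Review bot: The third added case ("the prefix in a string arg") never releases its buffer: `logbuf` is reassigned by the next `logbuf = log_to_string ();` without a `free (logbuf);` in between, so that string is leaked and will show up under a leak checker; add `free (logbuf);` after its `fail (...)` line, as the first two cases do. Separately, the last case pins that a byte with bit 7 set (`\x81`) passes through unescaped, while 0x80–0x9f are C1 controls on terminals that honor 8-bit controls. If the pass-through is deliberate (presumably to keep UTF-8 text readable), I would say so in the test, e.g. `/* Bytes with bit 7 set are intentionally not escaped. */`. A case with an ESC byte (`\x1b`) in a string argument would also be worth adding, since that is the control most relevant to misleading terminal output; the expected escaped form depends on the filter in src/logging.c, which is not part of this diff. The body of check_log_info starts outside the hunk.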