diff options
author | Ben Hutchings <ben@decadent.org.uk> | 2016-01-28 01:44:10 +0000 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2016-01-28 13:40:25 +0000 |
commit | f92e692eefa05ddb7b0b2817260b03262f30090e (patch) | |
tree | f34576f281788351ca83e245655792cbd72bf87e /src | |
parent | abe9d1b0739857f4a0d25005f9f0523153a6fe23 (diff) | |
download | odhcp6c-f92e692eefa05ddb7b0b2817260b03262f30090e.tar.gz |
Fix potential log forgery via status string
We should not include any control characters from the server status
message when logging it; in particular if we include '\n' this could
result in additional arbitrary log lines. In dhcpv6_log_status_code,
replace all control characters with '?'.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Diffstat (limited to 'src')
-rw-r--r-- | src/dhcpv6.c | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/src/dhcpv6.c b/src/dhcpv6.c index 2d8124f..08fe236 100644 --- a/src/dhcpv6.c +++ b/src/dhcpv6.c @@ -23,6 +23,7 @@ #include <unistd.h> #include <syslog.h> #include <stdbool.h> +#include <ctype.h> #include <sys/time.h> #include <sys/ioctl.h> #include <sys/socket.h> @@ -1290,16 +1291,22 @@ static int dhcpv6_calc_refresh_timers(void) static void dhcpv6_log_status_code(const uint16_t code, const char *scope, - const void *status_msg, const int len) + const void *status_msg, int len) { - uint8_t buf[len + 3]; + const char *src = status_msg; + char buf[len + 3]; + char *dst = buf; - memset(buf, 0, sizeof(buf)); if (len) { - buf[0] = '('; - memcpy(&buf[1], status_msg, len); - buf[len + 1] = ')'; + *dst++ = '('; + while (len--) { + *dst = isprint((unsigned char)*src) ? *src : '?'; + src++; + dst++; + } + *dst++ = ')'; } + *dst = 0; syslog(LOG_WARNING, "Server returned %s status %i %s", scope, code, buf); |