We should not include any control characters from the server status
message when logging it; in particular if we include '\n' this could
result in additional arbitrary log lines. In dhcpv6_log_status_code,
replace all control characters with '?'.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
#include <unistd.h>
#include <syslog.h>
#include <stdbool.h>
+#include <ctype.h>
#include <sys/time.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
static void dhcpv6_log_status_code(const uint16_t code, const char *scope,
- const void *status_msg, const int len)
+ const void *status_msg, int len)
{
- uint8_t buf[len + 3];
+ const char *src = status_msg;
+ char buf[len + 3];
+ char *dst = buf;
- memset(buf, 0, sizeof(buf));
if (len) {
- buf[0] = '(';
- memcpy(&buf[1], status_msg, len);
- buf[len + 1] = ')';
+ *dst++ = '(';
+ while (len--) {
+ *dst = isprint((unsigned char)*src) ? *src : '?';
+ src++;
+ dst++;
+ }
+ *dst++ = ')';
}
+ *dst = 0;
syslog(LOG_WARNING, "Server returned %s status %i %s",
scope, code, buf);