]> git.decadent.org.uk Git - odhcp6c.git/commit
Fix potential log forgery via status string
authorBen Hutchings <ben@decadent.org.uk>
Thu, 28 Jan 2016 01:44:10 +0000 (01:44 +0000)
committerBen Hutchings <ben@decadent.org.uk>
Thu, 28 Jan 2016 13:40:25 +0000 (13:40 +0000)
commitf92e692eefa05ddb7b0b2817260b03262f30090e
treef34576f281788351ca83e245655792cbd72bf87e
parentabe9d1b0739857f4a0d25005f9f0523153a6fe23
Fix potential log forgery via status string

We should not include any control characters from the server status
message when logging it; in particular if we include '\n' this could
result in additional arbitrary log lines.  In dhcpv6_log_status_code,
replace all control characters with '?'.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
src/dhcpv6.c