[Swan-dev] drop sanitize_string() in dbg() code path?

Andrew Cagney andrew.cagney at gmail.com
Wed Sep 11 18:59:29 UTC 2019

Here's the commit from when the topic last came up:

commit 5f6f08c858f328139b1a95bbebffd86c7036509a

    pluto: don't call sanitize_string() in fmt_log() as it is expensive

    fmt_log() is only used to write logs, not to pass anything to
    updown. We leave the call in for DBG_log() since if you're in
    debugging mode, you're slow anyway.

    Strings taken from the network and passed to updown are few, and
    those calls go via cisco_stringify() which calls sanitize_string()

The only thing I know of preventing sanitize_string() being removed from
the dbg() code path is dntoa() - it doesn't sanitize so there's speculation
that it could be emitting unprintable characters (but we've no evidence
either way and we suspect NSS filters out bogus DNs?) - just need to ensure
that dntoa()'s out gets sanitized.

is there anything else?


PS: should cisco_stringify() be using jam_meta_escaped_bytes()
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20190911/2044babd/attachment-0001.html>

More information about the Swan-dev mailing list