[Swan-dev] drop sanitize_string() in dbg() code path?
Andrew Cagney
andrew.cagney at gmail.com
Wed Sep 11 18:59:29 UTC 2019
Here's the commit from when the topic last came up:
commit 5f6f08c858f328139b1a95bbebffd86c7036509a
pluto: don't call sanitize_string() in fmt_log() as it is expensive
fmt_log() is only used to write logs, not to pass anything to
updown. We leave the call in for DBG_log() since if you're in
debugging mode, you're slow anyway.
Strings taken from the network and passed to updown are few, and
those calls go via cisco_stringify() which calls sanitize_string()
The only thing I know of preventing sanitize_string() being removed from
the dbg() code path is dntoa() - it doesn't sanitize so there's speculation
that it could be emitting unprintable characters (but we've no evidence
either way and we suspect NSS filters out bogus DNs?) - just need to ensure
that dntoa()'s out gets sanitized.
is there anything else?
Andrew
PS: should cisco_stringify() be using jam_meta_escaped_bytes()
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20190911/2044babd/attachment-0001.html>
More information about the Swan-dev
mailing list