[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] Add some functions to escape values from the network before...



Update of /home/or/cvsroot/tor/doc
In directory moria:/tmp/cvs-serv11439/doc

Modified Files:
	TODO 
Log Message:
Add some functions to escape values from the network before sending them to the log.  Use them everywhere except for routerinfo->plaftorm, routerinfo->contact_info, and rend*.c.  (need sleep now)

Index: TODO
===================================================================
RCS file: /home/or/cvsroot/tor/doc/TODO,v
retrieving revision 1.432
retrieving revision 1.433
diff -u -p -d -r1.432 -r1.433
--- TODO	20 Feb 2006 02:40:31 -0000	1.432
+++ TODO	5 Mar 2006 09:50:25 -0000	1.433
@@ -45,9 +45,13 @@ N - building on freebsd 6.0: (with multi
     - authorities should *never* 503 a cache, but *should* 503 clients
       when they feel like it.
     - update dir-spec with what we decided for each of these
-  - when logging unknown http headers, this could include bad escape codes?
-    - more generally, attacker-controller log entries with newlines in them
-      are dangerous for our users.
+  o when logging unknown http headers, this could include bad escape codes?
+    more generally, attacker-controller log entries with newlines in them
+    are dangerous for our users.
+    o So... add functions to escape potentially malicious values before
+      logging them, and test values more closely as they arrive...
+    - But what to do about contact_info and platform?
+    - (Didn't finish converting rend*.c)
   - Make "setconf" and "hup" behavior cleaner for LINELIST config
     options (e.g. Log). Bug 238.
 R - Jan 26 10:25:04.832 [warn] add_an_entry_guard(): Tried finding a
@@ -56,11 +60,11 @@ R - streamline how we define a guard nod
     somewhere.
 R - reduce log severity for guard nodes.
 R - make guard node timeout higher.
-N . Clean and future-proof exit policy formats a bit.
+  o Clean and future-proof exit policy formats a bit.
     o Likewise accept, but don't generate /bits formats (unless they're
       accepted in 0.0.9 and later).
     o Warn when we see a netmask that isn't a prefix.
-    - Make clients understand "private:*" in exit policies, even though
+    o Make clients understand "private:*" in exit policies, even though
       we don't generate it yet.
 
 for 0.1.1.x-final: