Tor  0.4.7.0-alpha-dev
Functions
escape.c File Reference

Escape untrusted strings before sending them to the log. More...

#include "lib/log/escape.h"
#include "lib/log/util_bug.h"
#include "lib/string/compat_ctype.h"
#include "lib/string/printf.h"
#include "lib/malloc/malloc.h"

Go to the source code of this file.

Functions

char * esc_for_log (const char *s)
 
char * esc_for_log_len (const char *chars, size_t n)
 
const char * escaped (const char *s)
 

Detailed Description

Escape untrusted strings before sending them to the log.

Definition in file escape.c.

Function Documentation

◆ esc_for_log()

char* esc_for_log ( const char *  s)

Allocate and return a new string representing the contents of s, surrounded by quotes and using standard C escapes.

Generally, we use this for logging values that come in over the network to keep them from tricking users, and for sending certain values to the controller.

We trust values from the resolver, OS, configuration file, and command line to not be maliciously ill-formed. We validate incoming routerdescs and SOCKS requests and addresses from BEGIN cells as they're parsed; afterwards, we trust them as non-malicious.

Definition at line 30 of file escape.c.

Referenced by control_event_logmsg(), esc_router_info(), escaped(), get_esc_cfile(), and parse_iso_time_().

◆ esc_for_log_len()

char* esc_for_log_len ( const char *  chars,
size_t  n 
)

Similar to esc_for_log. Allocate and return a new string representing the first n characters in chars, surround by quotes and using standard C escapes. If a NUL character is encountered in chars, the resulting string will be terminated there.

Definition at line 110 of file escape.c.

Referenced by entry_connection_describe_status_for_controller().

◆ escaped()

const char* escaped ( const char *  s)

Allocate and return a new string representing the contents of s, surrounded by quotes and using standard C escapes.

THIS FUNCTION IS NOT REENTRANT. Don't call it from outside the main thread. Also, each call invalidates the last-returned value, so don't try log_warn(LD_GENERAL, "%s %s", escaped(a), escaped(b));

Definition at line 126 of file escape.c.

Referenced by escaped_safe_str(), escaped_safe_str_client(), handle_control_protocolinfo(), handle_response_fetch_consensus(), kvline_check_keyword_args(), service_escaped_dir(), and string_is_key_value().