aboutsummaryrefslogtreecommitdiffstats
path: root/util
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2022-01-27 21:40:13 +0100
committerKim Alvefur <zash@zash.se>2022-01-27 21:40:13 +0100
commitdccab4e10ff17dbf87aa95a68d49db3adc235b78 (patch)
tree3313b7da8f0c42b4801f3bc45c88c0a673d20372 /util
parentc551d3d8dd756816b550dadb9e226c2d3ea6f334 (diff)
downloadprosody-dccab4e10ff17dbf87aa95a68d49db3adc235b78.tar.gz
prosody-dccab4e10ff17dbf87aa95a68d49db3adc235b78.zip
util.format: Expand explanation of purpose in comments
Diffstat (limited to 'util')
-rw-r--r--util/format.lua7
1 files changed, 6 insertions, 1 deletions
diff --git a/util/format.lua b/util/format.lua
index 533f3a82..09369da4 100644
--- a/util/format.lua
+++ b/util/format.lua
@@ -1,6 +1,9 @@
--
--- A string.format wrapper that gracefully handles invalid arguments
+-- A string.format wrapper that gracefully handles invalid arguments since
+-- certain format string and argument combinations may casue errors or other
+-- issues like log spoofing
--
+-- Provides some protection from e.g. CAPEC-135, CWE-117, CWE-134, CWE-93
local tostring = tostring;
local unpack = table.unpack or unpack; -- luacheck: ignore 113/unpack
@@ -109,6 +112,8 @@ local function format(formatstring, ...)
if not valid_utf8(arg) then
option = "q";
elseif option ~= "q" then -- gets fully escaped in the next block
+ -- Prevent funny things with ASCII control characters and ANSI escape codes (CWE-117)
+ -- Also ensure embedded newlines can't look like another log line (CWE-93)
args[i] = arg:gsub("[%z\1-\8\11-\31\127]", control_symbols):gsub("\n\t?", "\n\t");
return spec;
end