From: Matt Corallo Date: Thu, 13 May 2021 19:34:17 +0000 (+0000) Subject: Don't return ASCII control characters in HTTP error messages X-Git-Tag: v0.0.98~27^2 X-Git-Url: http://git.bitcoin.ninja/?a=commitdiff_plain;h=refs%2Fheads%2F2021-05-no-control-chars;p=rust-lightning Don't return ASCII control characters in HTTP error messages --- diff --git a/lightning-block-sync/src/http.rs b/lightning-block-sync/src/http.rs index 154afa488..2e70e1865 100644 --- a/lightning-block-sync/src/http.rs +++ b/lightning-block-sync/src/http.rs @@ -348,9 +348,11 @@ impl HttpClient { if !status.is_ok() { // TODO: Handle 3xx redirection responses. - let error_details = match contents.is_ascii() { - true => String::from_utf8_lossy(&contents).to_string(), - false => "binary".to_string() + let error_details = match String::from_utf8(contents) { + // Check that the string is all-ASCII with no control characters before returning + // it. + Ok(s) if s.as_bytes().iter().all(|c| c.is_ascii() && !c.is_ascii_control()) => s, + _ => "binary".to_string() }; let error_msg = format!("Errored with status: {} and contents: {}", status.code, error_details);