From f0084e12e214c4b993ef01e02067bfdc27a135e0 Mon Sep 17 00:00:00 2001 From: Matt Corallo Date: Thu, 13 May 2021 19:34:17 +0000 Subject: [PATCH] Don't return ASCII control characters in HTTP error messages --- lightning-block-sync/src/http.rs | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/lightning-block-sync/src/http.rs b/lightning-block-sync/src/http.rs index 154afa488..2e70e1865 100644 --- a/lightning-block-sync/src/http.rs +++ b/lightning-block-sync/src/http.rs @@ -348,9 +348,11 @@ impl HttpClient { if !status.is_ok() { // TODO: Handle 3xx redirection responses. - let error_details = match contents.is_ascii() { - true => String::from_utf8_lossy(&contents).to_string(), - false => "binary".to_string() + let error_details = match String::from_utf8(contents) { + // Check that the string is all-ASCII with no control characters before returning + // it. + Ok(s) if s.as_bytes().iter().all(|c| c.is_ascii() && !c.is_ascii_control()) => s, + _ => "binary".to_string() }; let error_msg = format!("Errored with status: {} and contents: {}", status.code, error_details); -- 2.39.5