Don't return ASCII control characters in HTTP error messages

author Matt Corallo <git@bluematt.me>

Thu, 13 May 2021 19:34:17 +0000 (19:34 +0000)

committer Matt Corallo <git@bluematt.me>

Thu, 13 May 2021 21:58:01 +0000 (21:58 +0000)
author Matt Corallo <git@bluematt.me>
Thu, 13 May 2021 19:34:17 +0000 (19:34 +0000)
committer Matt Corallo <git@bluematt.me>
Thu, 13 May 2021 21:58:01 +0000 (21:58 +0000)
diff --git a/lightning-block-sync/src/http.rs b/lightning-block-sync/src/http.rs

index 154afa4889c7b7b9e263eac22cf6f5e5aff0bfd2..2e70e18659936e2746638ba684b36ce20c3095ca 100644 (file)
--- a/lightning-block-sync/src/http.rs
+++ b/lightning-block-sync/src/http.rs
@@ -348,9 +348,11 @@ impl HttpClient {
  
                 if !status.is_ok() {
                         // TODO: Handle 3xx redirection responses.
-                       let error_details = match contents.is_ascii() {
-                               true => String::from_utf8_lossy(&contents).to_string(),
-                               false => "binary".to_string()
+                       let error_details = match String::from_utf8(contents) {
+                               // Check that the string is all-ASCII with no control characters before returning
+                               // it.
+                               Ok(s) if s.as_bytes().iter().all(|c| c.is_ascii() && !c.is_ascii_control()) => s,
+                               _ => "binary".to_string()
                         };
                         let error_msg = format!("Errored with status: {} and contents: {}",
                                                 status.code, error_details);
author	Matt Corallo <git@bluematt.me>
	Thu, 13 May 2021 19:34:17 +0000 (19:34 +0000)
committer	Matt Corallo <git@bluematt.me>
	Thu, 13 May 2021 21:58:01 +0000 (21:58 +0000)