[reSIProcate] Message::operator<<
Rohan Mahy
rohan at cisco.com
Thu Jul 15 18:03:07 CDT 2004
On Jul 15, 2004, at 2:40 PM, david Butcher wrote:
>
> If we feel that strongly about it, we can do something inside logging.
> Forcing the cost onto the inserter in general seems wrong.
agreed on both counts.
thx,
-r
>
> david
>
>> -----Original Message-----
>> From: Rohan Mahy [mailto:rohan at cisco.com]
>> Sent: Thursday, July 15, 2004 2:28 PM
>> To: david Butcher
>> Cc: resiprocate-devel at list.sipfoundry.org; Rohan Mahy
>> Subject: Re: [reSIProcate] Message::operator<<
>>
>>
>> Hey,
>>
>> This really concerns me from a security point of view. If there is
>> any
>> chance that an attacker can use a program that just writes out a
>> message to a log (for example) as an attack vector then I think we
>> should pay the performance penalty to protect the app developer.
>>
>> thx,
>> -r
>>
>> On Jul 15, 2004, at 1:19 PM, david Butcher wrote:
>>
>>> Hi all,
>>>
>>> I removed the the call to escaped() in Message::operator<<.
>>> This was an efficiency hit and breaks UTF-8.
>>>
>>> Apps calling only msg->encode(stream) are not exposed to this
>>> problem.
>>>
>>> We don't deal with %xx encoding on the read side anyway.
>>> I have some ideas about how to deal with this if any one needs to in
>>> the
>>> short term.
>>>
>>> Some of us have been careful to escape when outputting to the log.
>>> This change may reduce logging safety. If you want to encode a
>>> message
>>> going
>>> to the log,
>>> use << Data::from(*msg).escaped() rather than just << *msg.
>>>
>>> david
>>>
>>> _______________________________________________
>>> resiprocate-devel mailing list
>>> resiprocate-devel at list.sipfoundry.org
>>> https://list.sipfoundry.org/mailman/listinfo/resiprocate-devel
>>
>>
More information about the resiprocate-devel
mailing list