Filter out escape sequences and any other unusual characters when writing all messages to the console.

This should protect against all attacks where the server sends back a
malicious message.

1 files changed, 5 insertions, 6 deletions

diff --git a/Storage.hs b/Storage.hs
index 59da0d1..10e6bfe 100644
--- a/Storage.hs
+++ b/Storage.hs
@@ -11,6 +11,7 @@ import Types
 import Types.Storage
 import Types.Server
 import Types.Cost
+import Output
 import Share
 import Storage.Local
 import Storage.Network
@@ -19,7 +20,6 @@ import Tunables
 import Data.Maybe
 import Data.List
 import Data.Monoid
-import System.IO
 import System.FilePath
 import Control.Monad
 import Crypto.Random
@@ -176,8 +176,8 @@ tryUploadQueued d = do
 
 storeChaff :: HostName -> Port -> Maybe Seconds -> IO ()
 storeChaff hn port delayseconds = forever $ do
-	putStrLn $ "Sending chaff to " ++ hn ++ " (press ctrl-c to stop)"
-	putStrLn "Legend: + = successful upload, ! = upload failure"
+	say $ "Sending chaff to " ++ hn ++ " (press ctrl-c to stop)"
+	say "Legend: + = successful upload, ! = upload failure"
 	rng <- (cprgCreate <$> createEntropyPool) :: IO SystemRNG
 	let (randomname, rng') = cprgGenerate 128 rng
 	-- It's ok the use the testModeTunables here because
@@ -202,7 +202,6 @@ storeChaff hn port delayseconds = forever $ do
 		let i = S.toList is !! (n - 1)
 		r <- storeShare server i share
 		case r of
-			StoreSuccess -> putStr "+"
-			_ -> putStr "!"
-		hFlush stdout
+			StoreSuccess -> progress "+"
+			_ -> progress "!"
 		go sis' rng' n