From 758965d177d75f529bb88e24564a0bdb5e406fc6 Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Tue, 27 Sep 2016 20:22:53 -0400
Subject: Filter out escape sequences and any other unusual characters when writing all messages to the console. This should protect against all attacks where the server sends back a malicious message.
---
 Storage.hs | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
(limited to 'Storage.hs')
diff --git a/Storage.hs b/Storage.hs
index 59da0d1..10e6bfe 100644
--- a/Storage.hs
+++ b/Storage.hs
@@ -11,6 +11,7 @@ import Types
 import Types.Storage
 import Types.Server
 import Types.Cost
+import Output
 import Share
 import Storage.Local
 import Storage.Network
@@ -19,7 +20,6 @@ import Tunables
 import Data.Maybe
 import Data.List
 import Data.Monoid
-import System.IO
 import System.FilePath
 import Control.Monad
 import Crypto.Random
@@ -176,8 +176,8 @@ tryUploadQueued d = do
 storeChaff :: HostName -> Port -> Maybe Seconds -> IO ()
 storeChaff hn port delayseconds = forever $ do
- putStrLn $ "Sending chaff to " ++ hn ++ " (press ctrl-c to stop)"
- putStrLn "Legend: + = successful upload, ! = upload failure"
+ say $ "Sending chaff to " ++ hn ++ " (press ctrl-c to stop)"
+ say "Legend: + = successful upload, ! = upload failure"
 rng <- (cprgCreate <$> createEntropyPool) :: IO SystemRNG
 let (randomname, rng') = cprgGenerate 128 rng
 -- It's ok the use the testModeTunables here because
@@ -202,7 +202,6 @@ storeChaff hn port delayseconds = forever $ do
 let i = S.toList is !! (n - 1)
 r <- storeShare server i share
 case r of
- StoreSuccess -> putStr "+"
- _ -> putStr "!"
- hFlush stdout
+ StoreSuccess -> progress "+"
+ _ -> progress "!"
 go sis' rng' n
-- 
cgit v1.2.3
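Review bot: Nothing at the two `say` call sites in `storeChaff` tells a reader that the switch from `putStrLn` is a security control, so a later edit could reintroduce a raw write without noticing. The message interpolates `hn`, and per the commit description the filtering of escape sequences happens inside the Output helpers, which this diff (limited to Storage.hs) does not show. I would add a comment above the first call, for example `-- Console output must go through Output (say/progress) so escape sequences are filtered; do not use putStrLn here.` The body of `storeChaff` continues outside this hunk.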
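Review bot: With `hFlush stdout` removed after the `case r of`, the `+` and `!` markers stay prompt only if `progress` flushes stdout itself after writing. `progress` is defined in Output, which is not part of this diff, so that cannot be confirmed from here. If stdout is block-buffered (for example when piped), the markers may otherwise be held back until the buffer fills. If `progress` does not already flush, the flush belongs inside it, after the filtered write, so call sites cannot forget it. This hunk sits inside the `go` loop of `storeChaff`, whose start is outside the hunk.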