From 758965d177d75f529bb88e24564a0bdb5e406fc6 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 27 Sep 2016 20:22:53 -0400 Subject: Filter out escape sequences and any other unusual characters when writing all messages to the console. This should protect against all attacks where the server sends back a malicious message. --- keysafe.hs | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'keysafe.hs') diff --git a/keysafe.hs b/keysafe.hs index d27f87a..bd63ff1 100644 --- a/keysafe.hs +++ b/keysafe.hs @@ -11,6 +11,7 @@ import Types import Tunables import qualified CmdLine import UI +import Output import Encryption import Entropy import Benchmark @@ -40,7 +41,6 @@ import qualified Data.Text as T import qualified Data.ByteString as B import qualified Data.ByteString.UTF8 as BU8 import qualified Data.Set as S -import System.IO import System.Posix.User (userGecos, getUserEntryForID, getEffectiveUserID) main :: IO () @@ -411,9 +411,9 @@ autoStart cmdline tunables ui = do checkServers :: IO () checkServers = do - putStrLn $ "Checking " ++ show (length networkServers) ++ " servers concurrently; please wait..." + say $ "Checking " ++ show (length networkServers) ++ " servers concurrently; please wait..." results <- mapConcurrently check networkServers - mapM_ display results + mapM_ displayresult results case filter failed results of [] -> return () l @@ -433,14 +433,14 @@ checkServers = do (_, Left e) -> return (s, Left e) (_, Right (CountFailure e)) -> return (s, Left e) - display (s, v) = do - putStrLn $ "* " ++ sn s ++ " -- " ++ serverDesc s + displayresult (s, v) = do + say $ "* " ++ sn s ++ " -- " ++ serverDesc s case v of Right (mt, cr) -> do - putStrLn $ " MOTD: " ++ T.unpack mt - putStrLn $ " object count: " ++ show cr - Left e -> hPutStrLn stderr $ - " failed to get connect to " ++ sn s ++ ": " ++ e + say $ " MOTD: " ++ T.unpack mt + say $ " object count: " ++ show cr + Left e -> warn $ + " failed to connect to " ++ sn s ++ ": " ++ e failed (_, Left _) = True failed _ = False -- cgit v1.2.3