Add some functions to escape values from the network before sending them to the log. Use them everywhere except for routerinfo->plaftorm, routerinfo->contact_info, and rend*.c. (need sleep now)

svn:r6087

1 files changed, 9 insertions, 5 deletions

diff --git a/doc/TODO b/doc/TODO
index 3a292f1372..7611f127b5 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -45,9 +45,13 @@ N - building on freebsd 6.0: (with multiple openssl installations)
     - authorities should *never* 503 a cache, but *should* 503 clients
       when they feel like it.
     - update dir-spec with what we decided for each of these
-  - when logging unknown http headers, this could include bad escape codes?
-    - more generally, attacker-controller log entries with newlines in them
-      are dangerous for our users.
+  o when logging unknown http headers, this could include bad escape codes?
+    more generally, attacker-controller log entries with newlines in them
+    are dangerous for our users.
+    o So... add functions to escape potentially malicious values before
+      logging them, and test values more closely as they arrive...
+    - But what to do about contact_info and platform?
+    - (Didn't finish converting rend*.c)
   - Make "setconf" and "hup" behavior cleaner for LINELIST config
     options (e.g. Log). Bug 238.
 R - Jan 26 10:25:04.832 [warn] add_an_entry_guard(): Tried finding a
@@ -56,11 +60,11 @@ R - streamline how we define a guard node as 'up'. document it
     somewhere.
 R - reduce log severity for guard nodes.
 R - make guard node timeout higher.
-N . Clean and future-proof exit policy formats a bit.
+  o Clean and future-proof exit policy formats a bit.
     o Likewise accept, but don't generate /bits formats (unless they're
       accepted in 0.0.9 and later).
     o Warn when we see a netmask that isn't a prefix.
-    - Make clients understand "private:*" in exit policies, even though
+    o Make clients understand "private:*" in exit policies, even though
       we don't generate it yet.
 
 for 0.1.1.x-final: