From e92e26f84d94f70dfa47402f07eeea435bc2e701 Mon Sep 17 00:00:00 2001
From: Christian Decker <decker.christian@gmail.com>
Date: Thu, 8 Feb 2018 21:05:29 +0100
Subject: [PATCH] json-rpc: Check for unprintable characters in JSON-RPC
 commands

As reported by @practicalswift in #945 it is possible to inject
non-printable, or shell escape, characters in a json command, that
will fail to parse and then clear the shell.

Reported-by: @practicalswift
Signed-off-by: Christian Decker <decker.christian@gmail.com>
---
 lightningd/log.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/lightningd/log.c b/lightningd/log.c
index 8334e6391..a5205e2cc 100644
--- a/lightningd/log.c
+++ b/lightningd/log.c
@@ -256,6 +256,12 @@ void logv(struct log *log, enum log_level level, const char *fmt, va_list ap)
 	struct log_entry *l = new_log_entry(log, level);
 
 	l->log = tal_vfmt(l, fmt, ap);
+
+	/* Sanitize any non-printable characters, and replace with '?' */
+	for (size_t i=0; i<strlen(l->log); i++)
+		if (l->log[i] < ' ' || l->log[i] >= 0x7f)
+			l->log[i] = '?';
+
 	maybe_print(log, l, 0);
 
 	add_entry(log, l);
@@ -289,6 +295,12 @@ void logv_add(struct log *log, const char *fmt, va_list ap)
 	list_del_from(&log->lr->log, &l->list);
 
 	tal_append_vfmt(&l->log, fmt, ap);
+
+	/* Sanitize any non-printable characters, and replace with '?' */
+	for (size_t i=oldlen; i<strlen(l->log); i++)
+		if (l->log[i] < ' ' || l->log[i] >= 0x7f)
+			l->log[i] = '?';
+
 	add_entry(log, l);
 
 	maybe_print(log, l, oldlen);