On Tue, May 09, 2023 at 03:05:41PM +0200, Laszlo Ersek wrote:
[...]
> Then, in the post-patch version, the following catches my eye:
>
>   fp_inner = open_memstream (_inner, _inner);
>   if (fp_inner == NULL) {
>   fail:
>     /* Try to emit what we can. */
>     errno = err;
>     vfprintf
On 5/9/23 11:51, Richard W.M. Jones wrote:
> Debug strings contain all kinds of information including some under
> user control. Previously we simply sent everything to stderr, but
> this is potentially insecure, as well as not dealing well with
> non-printable characters. Escape these strings
Debug strings contain all kinds of information including some under
user control. Previously we simply sent everything to stderr, but
this is potentially insecure, as well as not dealing well with
non-printable characters. Escape these strings when printing.
---
server/debug.c | 52