Here's the commit from when the topic last came up:
commit 5f6f08c858f328139b1a95bbebffd86c7036509a
pluto: don't call sanitize_string() in fmt_log() as it is expensive
fmt_log() is only used to write logs, not to pass anything to
updown. We leave the call in for DBG_log() since if you're in
debugging mode, you're slow anyway.
Strings taken from the network and passed to updown are few, and
those calls go via cisco_stringify() which calls sanitize_string()
The only thing I know of preventing sanitize_string() being removed from
the dbg() code path is dntoa() - it doesn't sanitize so there's speculation
that it could be emitting unprintable characters (but we've no evidence
either way and we suspect NSS filters out bogus DNs?) - just need to ensure
that dntoa()'s out gets sanitized.
is there anything else?
Andrew
PS: should cisco_stringify() be using jam_meta_escaped_bytes()
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
