You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
let path = req.path().trim_start_matches("/add_domain/");
let host = path;
let host = if host.starts_with("www.") { &host[4..] } else { host };
loghostname::log_hostname_if_new(host);
I've noted in testing that "host" can contain null characters, which should be impossible. We've detected third party clients intentionally sending null characters in the hostname field of their requests, either maliciously or by accident.
When we log the new hostname we've detected, our logs would get messed up due to these nulls.
Current Behavior
Null characters can be part of request.path()
Possible Solution
Filter out characters that should be "impossible" to be part of the request.
Steps to Reproduce (for bugs)
Create a new project
Log the received hostname
Send a request containin null characters (this may be difficult to do)
See that the nulls are in the log.
Context
Messes up logging of new and novel hostnames received, may mess up other forms of logging too.
Your Environment
Windows 10 & Ubuntu Linux 22
rustc 1.73.0 (cc66ad468 2023-10-03)
The text was updated successfully, but these errors were encountered:
Expected Behavior
I'm doing something like the below:
let path = req.path().trim_start_matches("/add_domain/");
let host = path;
let host = if host.starts_with("www.") { &host[4..] } else { host };
loghostname::log_hostname_if_new(host);
I've noted in testing that "host" can contain null characters, which should be impossible. We've detected third party clients intentionally sending null characters in the hostname field of their requests, either maliciously or by accident.
When we log the new hostname we've detected, our logs would get messed up due to these nulls.
Current Behavior
Null characters can be part of request.path()
Possible Solution
Filter out characters that should be "impossible" to be part of the request.
Steps to Reproduce (for bugs)
Context
Messes up logging of new and novel hostnames received, may mess up other forms of logging too.
Your Environment
Windows 10 & Ubuntu Linux 22
rustc 1.73.0 (cc66ad468 2023-10-03)
The text was updated successfully, but these errors were encountered: