summaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorsemarie <semarie@openbsd.org>2015-07-15 16:02:38 +0000
committersemarie <semarie@openbsd.org>2015-07-15 16:02:38 +0000
commit6ebc1f19f436cf9490c7a50b5d27eb67c9f62173 (patch)
treea3d2a5e0a8a4f20c5ff47ac481ef076ef8221b12 /lib
parentSend the TLS certificate and key via separate imsgs, rather than (diff)
downloadwireguard-openbsd-6ebc1f19f436cf9490c7a50b5d27eb67c9f62173.tar.xz
wireguard-openbsd-6ebc1f19f436cf9490c7a50b5d27eb67c9f62173.zip
httpd don't sanitize variables before putting them in logs. It is possible for
an attacker to push arbitaries characters in logs (newline for forging entries, or some control escaping interpreted by terminal emulator). OK reyk@
Diffstat (limited to 'lib')
0 files changed, 0 insertions, 0 deletions
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.