passing err.Error() to the format string of grpc.Errorf allows format string injection
#396
Comments
|
The title isn't quite accurate. I don't think this causes any problems in practice beyond a confusing error string, but it deserves to be fixed. |
|
Good spot, that is indeed wrong, would you like to contribute a fix? |
petermattis
added a commit
to petermattis/go-grpc-middleware
that referenced
this issue
Feb 11, 2021
Use `status.Error` instead of `status.Errorf` when the format string is non-constant and not actually a format string. In the case of the validator middleware, the error being supplied as a format string could potentially contain data supplied by an attacker allowing for format string injection. This doesn't appear to be an actual problem due to `fmt` being safe in this regards, but it certainly isn't good practice to provide a format string that an attacker can control. Fixes grpc-ecosystem#396
johanbrandhorst
pushed a commit
that referenced
this issue
Feb 11, 2021
Use `status.Error` instead of `status.Errorf` when the format string is non-constant and not actually a format string. In the case of the validator middleware, the error being supplied as a format string could potentially contain data supplied by an attacker allowing for format string injection. This doesn't appear to be an actual problem due to `fmt` being safe in this regards, but it certainly isn't good practice to provide a format string that an attacker can control. Fixes #396
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
go-grpc-middleware/validator/validator.go
Line 25 in fab13c2
I think the call to
grpc.Errorfshould look something likegrpc.Errorf(codes.InvalidArgument, "%s", err.Error()). Alternately, you could callstatus.Errorinstead sincegrpc.Errorfis a wrapper aroundstatus.Errorf.The text was updated successfully, but these errors were encountered: