rabbit_reader: Format `Explanation` before passing it

... to `rabbit_misc:amqp_error()`. `Explanation` can be a user input. Therefore, we don't want to pass it as a format string to `rabbit_misc:amqp_error()`, as we can't trust its content. Now, we pass our own format string ("~s") and `Explanation` becomes the argument to that format string. This ensures we don't interpret untrusted user input. Discussed with: @dcorbacho, @essen and @michaelklishin.
author: Jean-Sébastien Pédron <jean-sebastien@rabbitmq.com> 2019-10-31 14:00:18 +0100
committer: Jean-Sébastien Pédron <jean-sebastien@rabbitmq.com> 2019-10-31 14:10:19 +0100
commit: 4b644692a41732dff21970ed1cfe640a848e61b7 (patch)
tree: 13b55bc8c6eb40b458c8e9346f33bd83900335a4 /src
parent: c6373392c1dad8b5424ee3f008a7e1ac7ae861cb (diff)
download: rabbitmq-server-git-4b644692a41732dff21970ed1cfe640a848e61b7.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/rabbit_reader.erl b/src/rabbit_reader.erl
index 39ac0ef8ac..116dcf89e6 100644
--- a/src/rabbit_reader.erl
+++ b/src/rabbit_reader.erl
@@ -663,7 +663,7 @@ switch_callback(State, Callback, Length) ->
 terminate(Explanation, State) when ?IS_RUNNING(State) ->
     {normal, handle_exception(State, 0,
                               rabbit_misc:amqp_error(
-                                connection_forced, Explanation, [], none))};
+                                connection_forced, "~s", [Explanation], none))};
 terminate(_Explanation, State) ->
     {force, State}.
author	Jean-Sébastien Pédron <jean-sebastien@rabbitmq.com>	2019-10-31 14:00:18 +0100
committer	Jean-Sébastien Pédron <jean-sebastien@rabbitmq.com>	2019-10-31 14:10:19 +0100
commit	4b644692a41732dff21970ed1cfe640a848e61b7 (patch)
tree	13b55bc8c6eb40b458c8e9346f33bd83900335a4 /src
parent	c6373392c1dad8b5424ee3f008a7e1ac7ae861cb (diff)
download	rabbitmq-server-git-4b644692a41732dff21970ed1cfe640a848e61b7.tar.gz