I am messing around with Rustygear's SET_CLIENT_ID and workers admin protocol implementation and I noticed that you can send anything. \0 and \n are particularly problematic.
DEBUG Logs that are being emitted with \n as the delimiter, get messed up. I don't consider DEBUG critical, but it's still annoying and will break any log parsers.
The workers command gets corrupted if you put \n in the client ID, as this is the delimiter for the command.
gearmand uses %s on the client ID while emitting the workers command, so it never prints anything after any nulls.
I think the right thing to do is make a protocol refinement which will suggest that the content of client ID has to be UTF-8, and then update gearmand to reject non-UTF-8 content with an ERROR packet.
I am messing around with Rustygear's SET_CLIENT_ID and
workers
admin protocol implementation and I noticed that you can send anything.\0
and\n
are particularly problematic.%s
on the client ID while emitting the workers command, so it never prints anything after any nulls.I think the right thing to do is make a protocol refinement which will suggest that the content of client ID has to be UTF-8, and then update gearmand to reject non-UTF-8 content with an ERROR packet.