diff options
| author | schwarze@openbsd.org <schwarze@openbsd.org> | 2016-05-25 23:48:45 +0000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2016-06-06 11:27:38 +1000 |
| commit | 0e059cdf5fd86297546c63fa8607c24059118832 (patch) | |
| tree | 830942b6fd6f34250a42f265c1c90b9a398a6ab4 /sftp-client.c | |
| parent | 8c02e3639acefe1e447e293dbe23a0917abd3734 (diff) | |
upstream commit
To prevent screwing up terminal settings when printing to
the terminal, for ASCII and UTF-8, escape bytes not forming characters and
bytes forming non-printable characters with vis(3) VIS_OCTAL. For other
character sets, abort printing of the current string in these cases. In
particular, * let scp(1) respect the local user's LC_CTYPE locale(1); *
sanitize data received from the remote host; * sanitize filenames, usernames,
and similar data even locally; * take character display widths into account
for the progressmeter.
This is believed to be sufficient to keep the local terminal safe
on OpenBSD, but bad things can still happen on other systems with
state-dependent locales because many places in the code print
unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@,
various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
Upstream-ID: e66afbc94ee396ddcaffd433b9a3b80f387647e0
Diffstat (limited to 'sftp-client.c')
| -rw-r--r-- | sftp-client.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/sftp-client.c b/sftp-client.c index faf14684c..0ca44a4d6 100644 --- a/sftp-client.c +++ b/sftp-client.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sftp-client.c,v 1.123 2016/05/02 08:49:03 djm Exp $ */ | 1 | /* $OpenBSD: sftp-client.c,v 1.124 2016/05/25 23:48:45 schwarze Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> | 3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> |
| 4 | * | 4 | * |
| @@ -53,6 +53,7 @@ | |||
| 53 | #include "atomicio.h" | 53 | #include "atomicio.h" |
| 54 | #include "progressmeter.h" | 54 | #include "progressmeter.h" |
| 55 | #include "misc.h" | 55 | #include "misc.h" |
| 56 | #include "utf8.h" | ||
| 56 | 57 | ||
| 57 | #include "sftp.h" | 58 | #include "sftp.h" |
| 58 | #include "sftp-common.h" | 59 | #include "sftp-common.h" |
| @@ -610,7 +611,7 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag, | |||
| 610 | } | 611 | } |
| 611 | 612 | ||
| 612 | if (print_flag) | 613 | if (print_flag) |
| 613 | printf("%s\n", longname); | 614 | mprintf("%s\n", longname); |
| 614 | 615 | ||
| 615 | /* | 616 | /* |
| 616 | * Directory entries should never contain '/' | 617 | * Directory entries should never contain '/' |
| @@ -1460,7 +1461,7 @@ download_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, | |||
| 1460 | return -1; | 1461 | return -1; |
| 1461 | } | 1462 | } |
| 1462 | if (print_flag) | 1463 | if (print_flag) |
| 1463 | printf("Retrieving %s\n", src); | 1464 | mprintf("Retrieving %s\n", src); |
| 1464 | 1465 | ||
| 1465 | if (dirattrib->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) | 1466 | if (dirattrib->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) |
| 1466 | mode = dirattrib->perm & 01777; | 1467 | mode = dirattrib->perm & 01777; |
| @@ -1793,7 +1794,7 @@ upload_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, | |||
| 1793 | return -1; | 1794 | return -1; |
| 1794 | } | 1795 | } |
| 1795 | if (print_flag) | 1796 | if (print_flag) |
| 1796 | printf("Entering %s\n", src); | 1797 | mprintf("Entering %s\n", src); |
| 1797 | 1798 | ||
| 1798 | attrib_clear(&a); | 1799 | attrib_clear(&a); |
| 1799 | stat_to_attrib(&sb, &a); | 1800 | stat_to_attrib(&sb, &a); |