From 0e059cdf5fd86297546c63fa8607c24059118832 Mon Sep 17 00:00:00 2001 From: "schwarze@openbsd.org" Date: Wed, 25 May 2016 23:48:45 +0000 Subject: upstream commit To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter. This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream. Using feedback from djm@ and martijn@, various aspects discussed with many others. deraadt@ says it should go in now, i probably already hesitated too long Upstream-ID: e66afbc94ee396ddcaffd433b9a3b80f387647e0 --- sftp-client.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'sftp-client.c') diff --git a/sftp-client.c b/sftp-client.c index faf14684c..0ca44a4d6 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.123 2016/05/02 08:49:03 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.124 2016/05/25 23:48:45 schwarze Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -53,6 +53,7 @@ #include "atomicio.h" #include "progressmeter.h" #include "misc.h" +#include "utf8.h" #include "sftp.h" #include "sftp-common.h" @@ -610,7 +611,7 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag, } if (print_flag) - printf("%s\n", longname); + mprintf("%s\n", longname); /* * Directory entries should never contain '/' @@ -1460,7 +1461,7 @@ download_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, return -1; } if (print_flag) - printf("Retrieving %s\n", src); + mprintf("Retrieving %s\n", src); if (dirattrib->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) mode = dirattrib->perm & 01777; @@ -1793,7 +1794,7 @@ upload_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, return -1; } if (print_flag) - printf("Entering %s\n", src); + mprintf("Entering %s\n", src); attrib_clear(&a); stat_to_attrib(&sb, &a); -- cgit v1.2.3