[Bug 2434] scp can send arbitrary control characters / escape sequences to the terminal

bugzilla-daemon at bugzilla.mindrot.org
Wed Feb 15 20:18:13 AEDT 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2434

--- Comment #14 from Darren Tucker <dtucker at zip.com.au> ---
(In reply to Damien Miller from comment #13)
> oops, yes. What happens if a window size change happens between
> update_progress_displayname() and update_progress_meter()?

The display will be a bit off for one cycle then it'll correct itself.

If the window got wider, the line will be too narrow briefly.  If the
window got narrower then the line will be too long but otherwise OK. 
In the latter case I think the exact behaviour will vary depending on
the terminal, but gnome terminal here doesn't line feed so it also
recovers ok.

> It looks like it will cause the filename to only be updated after
> both have been called.

I don't follow.  displayname is an array of 2 strings, one of which
should be good as soon as update_progress_displayname() returns.

> If this is the case, could you move
> setscreensize() out of update_progress_meter() (where it is in
> signal context and strictly not safe) and into
> update_progress_displayname().

I actually tried that and it caused the filename to be missing
initially although I did not immediately see why.

> I think smprintf() will fallback to vis(3) internally so you
> shouldn't need this case.

It doesn't.  It gets to the first escape char then it stops writing to
the output, sets the output characters param then returns -1 leaving
the string unterminated, which will cause corrupted output, head
scratching and debug printfs.  Hypothetically.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
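
The failure mode described in the comment above (a formatter that stops at the first escape character and returns -1 with the output unterminated) is avoided when the sanitizer escapes instead of aborting and terminates the buffer on every path. The following is an added example, not OpenSSH code and not part of the original message; `term_safe_copy` is a hypothetical name, and the octal escape form (backslash plus three octal digits) is an assumption modelled on vis(3)-style output.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Hypothetical helper (not OpenSSH code): copy src into dst for display on
 * a terminal. Printable ASCII is copied as-is, a backslash is doubled, and
 * every other byte (ESC, CR, other control bytes, bytes >= 0x80) becomes a
 * three-digit octal escape. dst is always NUL-terminated when dstlen > 0
 * and an escape is never split. Returns bytes written, or -1 if truncated.
 */
int term_safe_copy(char *dst, size_t dstlen, const char *src)
{
	size_t o = 0;
	int truncated = 0;

	if (dstlen == 0)
		return -1;
	for (; *src != '\0'; src++) {
		unsigned char c = (unsigned char)*src;
		char enc[5];
		size_t n, i;

		if (c == '\\') {
			enc[0] = enc[1] = '\\';
			n = 2;
		} else if (c >= 0x20 && c < 0x7f) {
			enc[0] = (char)c;
			n = 1;
		} else {
			n = (size_t)snprintf(enc, sizeof(enc), "\\%03o", (unsigned int)c);
		}
		if (o + n >= dstlen) {	/* keep room for the NUL */
			truncated = 1;
			break;
		}
		for (i = 0; i < n; i++)
			dst[o++] = enc[i];
	}
	dst[o] = '\0';	/* terminate on every path, including truncation */
	return truncated ? -1 : (int)o;
}

int main(void)
{
	/* Constructed sample: filename carrying an ESC-based colour sequence. */
	char buf[64];
	int r = term_safe_copy(buf, sizeof(buf), "a\033[31mb.txt");
	printf("%d %s\n", r, buf);
	return 0;
}
```

A caller that gets -1 still holds a valid, shorter string, so the progress line can be printed without a separate fallback path.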

