[Bug 2434] scp can send arbitrary control characters / escape sequences to the terminal

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Jun 30 14:08:42 AEST 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2434

--- Comment #21 from Damien Miller <djm at mindrot.org> ---
Comment on attachment 2942
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2942
Simplify population of file name display

>This keeps the padded and/or truncated displayname in its own variable
>which will allow later use of non-signal-safe functions like snmprintf
>to compose it.
...
>-	snprintf(buf + strlen(buf), win_size - strlen(buf),
>-	    " %3d%% ", percent);
>+	snprintf(buf, sizeof(buf), "\r%s %3d%% ", displayname, percent);

AFAIK it's not safe to truncate arbitrary strings using char* (as
opposed to wchar_t*) functions when the charset is not US-ASCII or
UTF-8. Could you do the truncation using snmprintf() instead?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list