[Bug 2434] scp can send arbitrary control characters / escape sequences to the terminal

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Wed Feb 15 21:45:33 AEDT 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2434

--- Comment #15 from Damien Miller <djm at mindrot.org> ---
(In reply to Darren Tucker from comment #14)

> > I think smprintf() will fallback to vis(3) internally so you
> > shouldn't need this case.
> 
> it doesn't.  It gets to the first escape char then it stops writing
> to the output, sets the output characters param then returns -1
> leaving the string unterminated, which will cause corrupted output,
> head scratching and debug printfs.  Hypothetically.

:)

I don't see this behaviour though and it's definitely a bug if it is
happening. I've tested that mprintf doesn't choke on control-chars in
ssh, ssh-keygen and sftp though we don't use the column-limit feature
in any of them AFAIK.

Hacking that in to ssh-keygen:

+{ char b[80]; int x = 20;
+snmprintf(b, sizeof(b), &x, "\x12XXX");
+printf("%s\n", b);
+return 0;
+}

produces the expected "\022XXX" output too for both LC_CTYPE set to
UTF-8 and C...

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list