author: Ingo Schwarze <schwarze@cvs.openbsd.org> 2016-05-25 23:48:46 +0000
committer: Ingo Schwarze <schwarze@cvs.openbsd.org> 2016-05-25 23:48:46 +0000
commit: df1b04e5ebbd86edbf64973c34d70cbf07f3f6b2
tree: d95e8e32fda94d3061d4e8ad1b995c1fe1dcd7fe /usr.sbin/sasyncd
parent: e69bd3c404b0713d8e6c45cbda62ce1e4dfd572e

To prevent screwing up terminal settings when printing to the
terminal, for ASCII and UTF-8, escape bytes not forming characters
and bytes forming non-printable characters with vis(3) VIS_OCTAL.
For other character sets, abort printing of the current string in
these cases. In particular,
 * let scp(1) respect the local user's LC_CTYPE locale(1);
 * sanitize data received from the remote host;
 * sanitize filenames, usernames, and similar data even locally;
 * take character display widths into account for the progressmeter.

This is believed to be sufficient to keep the local terminal safe
on OpenBSD, but bad things can still happen on other systems with
state-dependent locales because many places in the code print
unencoded ASCII characters into the output stream.

Using feedback from djm@ and martijn@, various aspects discussed
with many others.

deraadt@ says it should go in now, i probably already hesitated too long

Diffstat (limited to 'usr.sbin/sasyncd')
0 files changed, 0 insertions, 0 deletions