Re: [PATCH 1/1] Stop tar printing unsafe archive lists to stdout ?

2024-08-27 Thread Steffen Nurpmeso
Ian Norton wrote in : |Hi all, I'm not really sure what to do now? My change works and is \ |included as patches from my earlier messages but I've not seen it be \ |merged or any questions/changes requested. Wait and keep calm. For ie dash it may even take more than a year before the maintaine

Re: [PATCH 1/1] Stop tar printing unsafe archive lists to stdout ?

2024-08-27 Thread Ian Norton
Hi all, I'm not really sure what to do now? My change works and is included as patches from my earlier messages but I've not seen it be merged or any questions/changes requested. Ian On 2024-07-30, 09:17, "Ian Norton" <ian.nor...@entrust.com> wrote: > > Is there anything more I need to

Re: [PATCH 1/1] Stop tar printing unsafe archive lists to stdout

2024-07-30 Thread Steffen Nurpmeso
Ian Norton wrote in <29b6aed0-317b-4749-81ed-0bcbb8174...@entrust.com>: |Is there anything more I need to do for this fix? Disclaimer: i have nothing to do with this software. Furthermore i have no idea of internals (except some ash). But if i were you i would cache results stdout and stderr (vi

Re: [PATCH 1/1] Stop tar printing unsafe archive lists to stdout

2024-07-30 Thread Ian Norton
Is there anything more I need to do for this fix? --- On 09/07/2024, 09:27, "Ian Norton" <ian.nor...@entrust.com> wrote: Prevent unprintable bytes including terminal escapes being printed when listing tar file contents in a terminal as this can be used to hide malicious archive content fr

[PATCH 1/1] Stop tar printing unsafe archive lists to stdout

2024-07-09 Thread Ian Norton
Prevent unprintable bytes including terminal escapes being printed when listing tar file contents in a terminal as this can be used to hide malicious archive content from users prior to unpacking a file. Re #16018 Also added bb_safe_dump_str() to include/libbb.h --- archival/libarchive/header_li

Re: [EXTERNAL] Re: [PATCH 1/1] Stop tar printing unsafe archive lists to stdout

2024-07-09 Thread Ian Norton
On 08/07/2024, 20:58, "Ian Norton" <ian.nor...@entrust.com> wrote: > On Monday 8 July 2024 Steffen Nurpmeso > wrote: > > But then I did a grep and found unicode_conv_to_printable(). > > How about simply using this?? > I think it will leave the traditional cr/l

Re: [EXTERNAL] Re: [PATCH 1/1] Stop tar printing unsafe archive lists to stdout

2024-07-08 Thread Ian Norton
On Monday 8 July 2024 Steffen Nurpmeso wrote: > Seeing diff hunk context i myself would then do (maybe, likely) char c; while((c = *msg++) != '\0') fputc((isprint_asciionly(c) ? c : '?'), fd); |+ } else { |+ fprintf(fd, "%s",

Re: [PATCH 1/1] Stop tar printing unsafe archive lists to stdout

2024-07-08 Thread Steffen Nurpmeso
..fwiw.. Ian Norton wrote in <3f5a853d-6703-492b-95e6-34cbcf5b2...@entrust.com>: |Fixes #16018 by preventing the output of terminal/formatting codes \ |to stdout when listing archive content |See https://bugs.busybox.net/show_bug.cgi?id=16018 | |If stdout is a TTY unsafe chars are replaced w

[PATCH 1/1] Stop tar printing unsafe archive lists to stdout

2024-07-08 Thread Ian Norton
Fixes #16018 by preventing the output of terminal/formatting codes to stdout when listing archive content See https://bugs.busybox.net/show_bug.cgi?id=16018 If stdout is a TTY unsafe chars are replaced with '?': Before: $ busybox tar -tf bad.tar a-totally-innocent-looking-filename.txt After: $