Re: bin/60154: sha256 and related checksum utilities fail to escape filenames printed to a terminal

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,arraybolt3%riseup.net@localhost
Subject: Re: bin/60154: sha256 and related checksum utilities fail to escape filenames printed to a terminal
From: "Martin Husemann via gnats" <gnats-admin%NetBSD.org@localhost>
Date: Wed, 1 Apr 2026 10:45:02 +0000 (UTC)

The following reply was made to PR bin/60154; it has been noted by GNATS.

From: Martin Husemann <martin%duskware.de@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: bin/60154: sha256 and related checksum utilities fail to escape
 filenames printed to a terminal
Date: Wed, 1 Apr 2026 12:41:09 +0200

 Here is a suggested patch that seems to fix it for me.
 
 Output from the "mal" file in this PR looks now like this:
 
 (SHA256) \^[\[1\;1H\^[\[0J\^[\[30m: FAILED
 
 
 Martin
 
 
 Index: cksum.c
 ===================================================================
 RCS file: /cvsroot/src/usr.bin/cksum/cksum.c,v
 retrieving revision 1.52
 diff -u -p -r1.52 cksum.c
 --- cksum.c	25 Jun 2022 02:22:42 -0000	1.52
 +++ cksum.c	1 Apr 2026 10:38:14 -0000
 @@ -101,6 +101,7 @@ __RCSID("$NetBSD: cksum.c,v 1.52 2022/06
  #include <stdlib.h>
  #include <string.h>
  #include <unistd.h>
 +#include <vis.h>
  
  #include "extern.h"
  
 @@ -289,6 +290,7 @@ main(int argc, char **argv)
  		char *s, *p_filename, *p_cksum;
  		int l_filename, l_cksum;
  		char filename[BUFSIZ];
 +		char safe_filename[BUFSIZ*4+1];
  		char cksum[BUFSIZ];
  		int ok,cnt,badcnt;
  
 @@ -420,6 +422,15 @@ main(int argc, char **argv)
  			strlcpy(filename, p_filename, l_filename+1);
  			strlcpy(cksum, p_cksum, l_cksum+1);
  
 +			if (strnvis(safe_filename, sizeof(safe_filename),
 +			    filename, VIS_META|VIS_CSTYLE) == -1) {
 +				if (check_warn)
 +					warnx("strnvis failed, can not print "
 +					    "filename");
 +				rval = 1;
 +				continue;
 +			}
 +
  			if (hash) {
  				char *h;
  
 @@ -432,7 +443,7 @@ main(int argc, char **argv)
  			} else {
  				if ((fd = open(filename, O_RDONLY, 0)) < 0) {
  					if (check_warn)
 -						warn("%s", filename);
 +						warn("%s", safe_filename);
  					rval = 1;
  					ok = 0;
  				} else {
 @@ -455,7 +466,7 @@ main(int argc, char **argv)
  			if (! ok) {
  				if (hash)
  					printf("(%s) ", hash->hashname);
 -				printf("%s: FAILED\n", filename);
 +				printf("%s: FAILED\n", safe_filename);
  				badcnt++;
  			}
  			cnt++;

Prev by Date: bin/60154: sha256 and related checksum utilities fail to escape filenames printed to a terminal
Previous by Thread: bin/60154: sha256 and related checksum utilities fail to escape filenames printed to a terminal
Indexes:

Home | Main Index | Thread Index | Old Index