commit: ce648e7539607a1809a1e4a037ade84bb4cde7b2 Author: Kerin Millar <kfm <AT> plushkava <DOT> net> AuthorDate: Wed Feb 15 07:35:20 2023 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Wed Feb 15 07:43:55 2023 +0000 URL: https://gitweb.gentoo.org/proj/gentoo-functions.git/commit/?id=ce648e75
Do not use %b to decode user-supplied message strings For a long time, user-supplied message strings were injected into format strings used by printf. Obviously, doing so was a bad thing because it would cause printf to interpret any escape sequences and format specifiers that might be present in the string. The issue of specifier injection was dealt with by the introduction of _eprint(). This commit deals with the remaining issue by eliminating the use of %b, whose only effect was to needlessly try to decode the message string according to the same rules as echo -e (for XSI-conformant systems). Signed-off-by: Kerin Millar <kfm <AT> plushkava.net> Bug: https://bugs.gentoo.org/730432 Signed-off-by: Sam James <sam <AT> gentoo.org> functions.sh | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/functions.sh b/functions.sh index a0422b6..6b11645 100644 --- a/functions.sh +++ b/functions.sh @@ -17,9 +17,9 @@ _eprint() { printf '\n' fi if [ -t 1 ]; then - printf ' %s*%s %s%b' "${color}" "${NORMAL}" "${genfun_indent}" "$*" + printf ' %s*%s %s%s' "${color}" "${NORMAL}" "${genfun_indent}" "$*" else - printf ' * %s%b' "${genfun_indent}" "$*" + printf ' * %s%s' "${genfun_indent}" "$*" fi } @@ -131,7 +131,8 @@ einfon() # einfo() { - einfon "$*\\n" + einfon "$* +" genfun_lastcall="einfo" } @@ -152,7 +153,8 @@ ewarnn() # ewarn() { - ewarnn "$*\\n" + ewarnn "$* +" genfun_lastcall="ewarn" } @@ -174,7 +176,8 @@ eerrorn() # eerror() { - eerrorn "$*\\n" + eerrorn "$* +" genfun_lastcall="eerror" return 1 }
