Rework handling of untrusted terminal data.

Now there's a centralised routine in misc.c to do the sanitisation, which copies data on to an outgoing bufchain. This allows me to remove from_backend_untrusted() completely from the frontend API, simplifying code in several places. Two use cases for untrusted-terminal-data sanitisation were in the terminal.c prompts handler, and in the collection of SSH-2 userauth banners. Both of those were writing output to a bufchain anyway, so it was very convenient to just replace a bufchain_add with sanitise_term_data and then not have to worry about it again. There was also a simplistic sanitiser in uxcons.c, which I've now replaced with a call to the good one - and in wincons.c there was a FIXME saying I ought to get round to that, which now I have!
2025-07-01 03:22:48 -05:00 · 2018-09-19 18:22:36 +01:00
parent af8e526a7d
commit 63a14f26f7
13 changed files with 64 additions and 85 deletions
--- a/unix/gtkwin.c
+++ b/unix/gtkwin.c
@ -305,11 +305,6 @@ int from_backend(Frontend *inst, int is_stderr, const void *data, int len)
    return term_data(inst->term, is_stderr, data, len);
 }

-int from_backend_untrusted(Frontend *inst, const void *data, int len)
-{
-    return term_data_untrusted(inst->term, data, len);
-}
-
 int from_backend_eof(Frontend *inst)
 {
    return TRUE;   /* do respond to incoming EOF with outgoing */
--- a/unix/uxcons.c
+++ b/unix/uxcons.c
@ -448,11 +448,16 @@ static void console_close(FILE *outfp, int infd)

 static void console_prompt_text(FILE *outfp, const char *data, int len)
 {
-    int i;
+    bufchain sanitised;
+    void *vdata;

-    for (i = 0; i < len; i++)
-	if ((data[i] & 0x60) || (data[i] == '\n'))
-	    fputc(data[i], outfp);
+    bufchain_init(&sanitised);
+    sanitise_term_data(&sanitised, data, len);
+    while (bufchain_size(&sanitised) > 0) {
+        bufchain_prefix(&sanitised, &vdata, &len);
+        fwrite(vdata, 1, len, outfp);
+        bufchain_consume(&sanitised, len);
+    }
    fflush(outfp);
 }

--- a/unix/uxplink.c
+++ b/unix/uxplink.c
@ -413,16 +413,6 @@ int from_backend(Frontend *frontend, int is_stderr,
    }
 }

-int from_backend_untrusted(Frontend *frontend, const void *data, int len)
-{
-    /*
-     * No "untrusted" output should get here (the way the code is
-     * currently, it's all diverted by FLAG_STDERR).
-     */
-    assert(!"Unexpected call to from_backend_untrusted()");
-    return 0; /* not reached */
-}
-
 int from_backend_eof(Frontend *frontend)
 {
    assert(outgoingeof == EOF_NO);