Strip carriage returns (\r) from output to prevent spoofing

2025-12-31 20:09:02 +00:00 · 2016-09-21 03:55:12 +00:00
parent d1fb502144
commit 9370f5bd5d
3 changed files with 7 additions and 2 deletions
--- a/output.cc
+++ b/output.cc
@@ -462,7 +462,8 @@ static std::string escape_for_screen(const std::string s) {
  for (unsigned int i = 0; i < s.size(); i++) {
    char buf[5];
    unsigned char c = s[i];
-    if (c == '\t' || c == '\r' || c == '\n' || (0x20 <= c && c <= 0x7e)) {
+    // Printable and some whitespace ok. "\r" not ok because it overwrites the line.
+    if (c == '\t' || c == '\n' || (0x20 <= c && c <= 0x7e)) {
      r += c;
    } else {
      Snprintf(buf, sizeof(buf), "\\x%02X", c);