[Toybox] [PATCH] ls new option : b
Isaac Dunham
ibid.ag at gmail.com
Wed Mar 9 08:39:57 PST 2016
Hello,
I see a few problems, which can be summed up as follows:
-the help is clunky and misplaced
-the patch introduces a format-string vulnerability
-the feature is not actually implemented; it skips rather than escaping
On Wed, Mar 09, 2016 at 02:51:26PM +0530, Sameer Pradhan wrote:
--- a/toys/posix/ls.c 2016-02-26 13:23:36.000000000 +0530
+++ b/toys/posix/ls.c 2016-03-09 14:47:36.000000000 +0530
@@ -2,38 +2,38 @@
*
* Copyright 2012 Andre Renaud <andre at bluewatersys.com>
* Copyright 2012 Rob Landley <rob at landley.net>
+ * Copyright 2015 Sameer Prakash Pradhan <sameer.p.pradhan at gmail.com>
*
* See http://opengroup.org/onlinepubs/9699919799/utilities/ls.html
-USE_LS(NEWTOY(ls, USE_LS_COLOR("(color):;")"ZgoACFHLRSacdfhiklmnpqrstux1[-Cxm1][-Cxml][-Cxmo][-Cxmg][-cu][-ftS][-HL]", TOYFLAG_BIN|TOYFLAG_LOCALE))
+USE_LS(NEWTOY(ls, USE_LS_COLOR("(color):;")"ZgoACFHLRSab(escape)cdfhiklmnpqrstux1[-Cxm1][-Cxml][-Cxmo][-Cxmg][-cu][-ftS][-HL]", TOYFLAG_BIN|TOYFLAG_LOCALE))
config LS
bool "ls"
default y
help
- usage: ls [-ACFHLRSZacdfhiklmnpqrstux1] [directory...]
-
+ usage: ls [-ACFHLRSZabcdfhiklmnpqrstux1] [directory...]
list files
what to show:
- -a all files including .hidden -c use ctime for timestamps
- -d directory, not contents -i inode number
- -k block sizes in kilobytes -p put a '/' after dir names
- -q unprintable chars as '?' -s size (in blocks)
- -u use access time for timestamps -A list all files but . and ..
- -H follow command line symlinks -L follow symlinks
- -R recursively list files in subdirs -F append /dir *exe @sym |FIFO
- -Z security context
+ -a all files including .hidden -b print C-style escapes for nongraphic characters (--escape)
A few points here:
1-this message is *not* going to look nice; it will wrap around.
It is also simultaneously verbose and unclear (does 'nongraphic' mean
that it's not a box character? No, it means it's either nonprintable or
has no visible output.)
2-"what to show" means the data, not the presentation.
'-b' changes the presntation of non-printable characters (and ' '), so it
should go under "output formats".
Maybe add
-b escape unprintable characters and space
under output formats.
Further, your re-ordering below is incorrect:
'1' the number should precede all characters, and sorting it right before
'l' the letter is about the worst place to put it.
output formats:
- -1 list one file per line -C columns (sorted vertically)
- -g like -l but no owner -h human readable sizes
- -l long (show full details) -m comma separated
- -n like -l but numeric uid/gid -o like -l but no group
- -x columns (horizontal sort)
+ -C columns (sorted vertically) -g like -l but no owner
+ -h human readable sizes -1 list one file per line
+ -l long (show full details) -m comma separated
+ -n like -l but numeric uid/gid -o like -l but no group
+ -x columns (horizontal sort)
sorting (default is alphabetical):
- -f unsorted -r reverse -t timestamp -S size
+ -f unsorted -r reverse -t timestamp -S size
config LS_COLOR
bool "ls --color"
@@ -293,7 +293,7 @@
if (-1 == dirfd) {
strwidth(indir->name);
- perror_msg_raw(indir->name);
+ perror_msg(indir->name);
No, this is completely broken.
indir->name, being the name on disk, is user data.
It cannot be trusted.
For example, try running
mkdir -p test/ls && touch 'test/ls/a%s' && $LS test/ls/
where "$LS" is the appropriate invocation of toybox ls.
return;
}
@@ -474,6 +474,11 @@
if (flags & FLAG_q) {
char *p;
for (p=sort[next]->name; *p; p++) fputc(isprint(*p) ? *p : '?', stdout);
+ } else if (flags & FLAG_b){
+ char *b;
+
+ for (b = sort[next]->name; *b; b++)
+ if (isgraph(*b)) fputc(*b, stdout);
And I don't see where you're escaping anything.
This would have to be something like this:
for (b=...) {
if (isgraph(*b)) fputc(*b, stdout);
else printf("\\%3hho", *b);
}
Which will print C-style octal escapes for everything, rather than
printing the standard \n, \r, \t ... escapes.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ls.c.patch
Type: application/octet-stream
Size: 3361 bytes
Desc: not available
URL: <http://lists.landley.net/pipermail/toybox-landley.net/attachments/20160309/3732bb27/attachment-0002.obj>
More information about the Toybox
mailing list