GNU bug report logs - #30535
Output buffer overwritten when CR in file

Previous Next

To reply to this bug, email your comments to 30535 AT debbugs.gnu.org.

the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Wayne Gemmell <wayne <at> gemmell.co.za>
To: bug-grep <at> gnu.org
Subject: Output buffer overwritten when CR in file
Date: 2018年2月19日 14:36:43 +0000

[Message part 1 (text/plain, inline)]

Hi
I have an issue with files that contain carriage returns. I have log files
that contain user input which sometime has carriage returns. The EOL
characters are fine so I can't throw mac2unix at the problem.
The issue is that when grep outputs the CR it follows the CR to the
beginning of the output buffer and overwrites the contents of the output
buffer.
E.g. the file, test.log with the following contents.
messag1^Mlogin^Mmask
The following command
$>/grep --color=never login test.log
Outputs as follows
$>maskng1
This seems like a security concern as you may be able to mask activity in
logs just by inserting CR in place. It would be superficial but it would
fool basic grep based logfile processing.
I would expect the CR to be output verbatim so as not to confuse the reader
of the output.
-- 
Regards
Wayne

[Message part 2 (text/html, inline)]

Message #8 received at 30535 <at> debbugs.gnu.org (full text, mbox):

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Wayne Gemmell <wayne <at> gemmell.co.za>, 30535 <at> debbugs.gnu.org
Subject: Re: bug#30535: Output buffer overwritten when CR in file
Date: 2018年2月19日 12:13:17 -0800

Wayne Gemmell wrote:
> I would expect the CR to be output verbatim
It is output verbatim, just as you expect. For example:
$ printf 'messag1\rlogin\rmask' >test.log
503-day $ grep --color=never login test.log | od -c
0000000 m e s s a g 1 \r l o g i n \r m a
0000020 s k \n
0000023

Message #11 received at 30535 <at> debbugs.gnu.org (full text, mbox):

From: Wayne Gemmell <wayne <at> gemmell.co.za>
To: Paul Eggert <eggert <at> cs.ucla.edu>
Cc: 30535 <at> debbugs.gnu.org
Subject: Re: bug#30535: Output buffer overwritten when CR in file
Date: 2018年2月20日 07:34:07 +0000

[Message part 1 (text/plain, inline)]

Hi Paul
That is exactly what I am getting. It is probably acting quite correctly,
the problem is that the shell executing those control characters is both
confusing and a possible security risk. I've tried this in ksh, dash, bash
and zsh and they all execute the control characters.
I think that they should be suppressed or escaped by default and a flag
should be provided to allow them to be passed out unescaped. Maybe this has
become a feature request...
On 2018年2月19日 at 22:13 Paul Eggert <eggert <at> cs.ucla.edu> wrote:
> Wayne Gemmell wrote:
> > I would expect the CR to be output verbatim
>
> It is output verbatim, just as you expect. For example:
>
> $ printf 'messag1\rlogin\rmask' >test.log
> 503-day $ grep --color=never login test.log | od -c
> 0000000 m e s s a g 1 \r l o g i n \r m a
> 0000020 s k \n
> 0000023
>
-- 
Regards
Wayne

[Message part 2 (text/html, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.