agetty: Prevent cursor escape

Starting with 5de9751, it is possible to escape the login dialog on the screen by arrow characters or using escape sequences. Since full processing of escape sequences and ignore them would be complicated, use a work around: instead of sending ESC to output, send a printable character. It could cause a rendering regression in a very obscure condition: compiled without IUTF8, encoding is ISO-11548-1 and BRAILLE PATTERN DOTS-1245 is part of login name. I believe that it is out of supported combinations. Signed-off-by: Stanislav Brabec <[email protected]>
crrodriguez · Jul 23, 2024 · 20b405c · 20b405c
1 parent 4283a76
commit 20b405c
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/term-utils/agetty.c b/term-utils/agetty.c
@@ -2289,7 +2289,14 @@ static char *get_logname(struct issue *ie, struct options *op, struct termios *t
 				if ((size_t)(bp - logname) >= sizeof(logname) - 1)
 					log_err(_("%s: input overrun"), op->tty);
 				if ((tp->c_lflag & ECHO) == 0)
-					write_all(1, &c, 1);	/* echo the character */
+					/* Visualize escape sequence instead of its execution */
+					if (ascval == CTL('['))
+						/* Ideally it should be "\xe2\x90\x9b"
+						 * if (op->flags & (F_UTF8)),
+						 * but only some fonts contain it */
+						write_all(1, "^[", 2);
+					else
+						write_all(1, &c, 1);	/* echo the character */
 				*bp++ = ascval;			/* and store it */
 				break;
 			}