Do not use %b to decode user-supplied message strings

For a long time, user-supplied message strings were injected into format
strings used by printf. Obviously, doing so was a bad thing because it
would cause printf to interpret any escape sequences and format
specifiers that might be present in the string.

The issue of specifier injection was dealt with by the introduction of
_eprint(). This commit deals with the remaining issue by eliminating the
use of %b, whose only effect was to needlessly try to decode the message
string according to the same rules as echo -e (for XSI-conformant
systems).

Signed-off-by: Kerin Millar <kfm@plushkava.net>
Bug: https://bugs.gentoo.org/730432
Signed-off-by: Sam James <sam@gentoo.org>

1 files changed, 8 insertions, 5 deletions

diff --git a/functions.sh b/functions.sh
index a0422b6..6b11645 100644
--- a/functions.sh
+++ b/functions.sh
@@ -17,9 +17,9 @@ _eprint() {
 		printf '\n'
 	fi
 	if [ -t 1 ]; then
-		printf ' %s*%s %s%b' "${color}" "${NORMAL}" "${genfun_indent}" "$*"
+		printf ' %s*%s %s%s' "${color}" "${NORMAL}" "${genfun_indent}" "$*"
 	else
-		printf ' * %s%b' "${genfun_indent}" "$*"
+		printf ' * %s%s' "${genfun_indent}" "$*"
 	fi
 }
 
@@ -131,7 +131,8 @@ einfon()
 #
 einfo()
 {
-	einfon "$*\\n"
+	einfon "$*
+"
 	genfun_lastcall="einfo"
 }
 
@@ -152,7 +153,8 @@ ewarnn()
 #
 ewarn()
 {
-	ewarnn "$*\\n"
+	ewarnn "$*
+"
 	genfun_lastcall="ewarn"
 }
 
@@ -174,7 +176,8 @@ eerrorn()
 #
 eerror()
 {
-	eerrorn "$*\\n"
+	eerrorn "$*
+"
 	genfun_lastcall="eerror"
 	return 1
 }