Re: Call for testing: OpenSSH 7.8

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 

Hi,

Michael Felt wrote on Mon, Aug 20, 2018 at 05:00:17PM +0200:

> ./nl_langinfo
> setlocale -> "C"
> nl_langinfo -> "ISO8859-1"

Thanks, that is helpful.

So i think i was wrong and Damien was right.  This means that
OpenSSH returns truncated messages when non-ASCII bytes occur
in them, even when the user requests LC_CTYPE=POSIX.
That's not good.

While there is no need to cater for any potential locale that users
might wilfully select, we should probably try to show complete
messages to users who specifically select the POSIX locale.

Admittedly, AIX is weird in calling ASCII "ISO8859-1", which is
probably going to mean something different elsewhere.  But given
that it is very unlikely that anything another system calls ISO8859-1
is an unsafe (ASCII-incompatible or state-dependent) encoding, i'm
proposing the following patch.

I suggest adding some comments because otherwise, we will
eventually forget where all these strings came from.

OK?

> There is a program - /usr/lib/nls/lsmle (just learned about it!)

That's non-standard.  The standard program for similar purposes is
locale(1), though that usually won't report CODESET, but only
LC_CTYPE.

Yours,
  Ingo


Index: utf8.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/utf8.c,v
retrieving revision 1.7
diff -u -p -r1.7 utf8.c
--- utf8.c	31 May 2017 09:15:42 -0000	1.7
+++ utf8.c	20 Aug 2018 17:11:33 -0000
@@ -51,9 +51,18 @@ dangerous_locale(void) {
 	char	*loc;
 
 	loc = nl_langinfo(CODESET);
-	return strcmp(loc, "US-ASCII") != 0 && strcmp(loc, "UTF-8") != 0 &&
-	    strcmp(loc, "ANSI_X3.4-1968") != 0 && strcmp(loc, "646") != 0 &&
-	    strcmp(loc, "") != 0;
+	return strcmp(loc, "UTF-8") != 0 &&
+	    strcmp(loc, "US-ASCII") != 0 &&
+
+	    /*
+	     * What nl_langinfo(CODESET) returns for US-ASCII
+	     * on various operating systems:
+	     */
+
+	    strcmp(loc, "ANSI_X3.4-1968") != 0 &&	/* Linux */
+	    strcmp(loc, "ISO8859-1") != 0 &&		/* AIX */
+	    strcmp(loc, "646") != 0 &&			/* Solaris, NetBSD */
+	    strcmp(loc, "") != 0;			/* Solaris 6 */
 }
 
 static int
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux