Re: sshd Failing New Inbound Connections

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


On 3/21/22 15:08, Thorsten Glaser wrote:
> On Mon, 21 Mar 2022, Steffen Nurpmeso wrote:
>>  |> actually even standardized that "octal numbers" are not supported
>> ..inet_pton..
> Huh. Not that but inet_aton on GNU, and other functions apparently.
> This is idiotic, and I guess the same POSIX that insists on octals
> for leading-zero numbers in shell, causing no small amount of bugs,
> is responsible. Hmph.
>>  |> in form fields etc.
> |            $ ./a.out      # Last byte is in octal
> Given that these may be either decimal or octal, depending on where
> they come from, it’s probably for the best to reject them.

Not only is it best practice to reject them, failing to do so has
caused security holes in the past.  I believe both Go and Rust
reject them nowadays for that reason.

Demi Marie Obenour (she/her/hers)

Attachment: OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

openssh-unix-dev mailing list

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux