From: Marco Trevisan (Treviño) <mail@xxxxxxxxx> Info messages that are coming from the server aren't properly escaping sequences they contains, leading to messages not being properly rendered by the client. So for example a message containing "\" was represented as "\\" and similarly for all the other C escape sequences. This was leading to more problems when it come to utf-8 chars, as they were only represented by their octal representation. This was easily testable by adding a line like the one below to the sshd PAM service: auth requisite pam_echo.so Hello SSHD! Want some 🍕? Which was causing this to be written instead: Hello SSHD! Want some \360\237\215\225? To handle this, instead of simply using fmprintf, we're using the notifier in a way can be exposed to users in the proper format and UI.
---
 sshconnect2.c | 33 ++++++++++++++++++++++++---------
 1 file changed, 24 insertions(+), 9 deletions(-)
diff --git a/sshconnect2.c b/sshconnect2.c
index a69c4da18..d3c2dab81 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1075,6 +1075,7 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh)
 char *info = NULL, *lang = NULL, *password = NULL, *retype = NULL;
 char prompt[256];
 const char *host;
+ size_t info_len;
 int r;
 debug2("input_userauth_passwd_changereq");
@@ -1084,11 +1085,15 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh)
 "no authentication context");
 host = options.host_key_alias ? options.host_key_alias : authctxt->host;
- if ((r = sshpkt_get_cstring(ssh, &info, NULL)) != 0 ||
+ if ((r = sshpkt_get_cstring(ssh, &info, &info_len)) != 0 ||
 (r = sshpkt_get_cstring(ssh, &lang, NULL)) != 0)
 goto out;
- if (strlen(info) > 0)
- logit("%s", info);
+ if (info_len > 0) {
+ struct notifier_ctx *notifier = NULL;
+ debug_f("input_userauth_passwd_changereq info: %s", info);
+ notifier = notify_start(0, "%s", info);
+ notify_complete(notifier, NULL);
+ }
 if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
 (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 ||
 (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||
@@ -1940,8 +1945,10 @@ input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh)
 Authctxt *authctxt = ssh->authctxt;
 char *name = NULL, *inst = NULL, *lang = NULL, *prompt = NULL;
 char *display_prompt = NULL, *response = NULL;
+ struct notifier_ctx *notifier = NULL;
 u_char echo = 0;
 u_int num_prompts, i;
+ size_t name_len, inst_len;
 int r;
 debug2_f("entering");
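Review bot: The server-supplied `info` string now goes straight into `notify_start(0, "%s", info)` with no control-character filtering in this hunk, and the same holds for `name` and `inst` in the input_userauth_info_req hunk at -1951. The escaping the description objects to is also what stopped a remote server from putting terminal control sequences on the user's screen, so if notify_start (its body is not visible here) writes the message to the tty or passes it to an askpass helper unfiltered, that protection is lost along with the octal noise. A UTF-8-aware sanitiser keeps valid multibyte characters while still escaping control bytes: `if (asmprintf(&msg, INT_MAX, NULL, "%s", info) == -1) fatal_f("asmprintf failed");`, then `notifier = notify_start(0, "%s", msg);` and a `free(msg)` afterwards. Separately, `debug_f` already prefixes the function name, so the literal "input_userauth_passwd_changereq" in its format string is redundant. The function body starts and ends outside the hunk.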
@@ -1951,14 +1958,22 @@ input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh)
 authctxt->info_req_seen = 1;
- if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0 ||
- (r = sshpkt_get_cstring(ssh, &inst, NULL)) != 0 ||
+ if ((r = sshpkt_get_cstring(ssh, &name, &name_len)) != 0 ||
+ (r = sshpkt_get_cstring(ssh, &inst, &inst_len)) != 0 ||
 (r = sshpkt_get_cstring(ssh, &lang, NULL)) != 0)
 goto out;
- if (strlen(name) > 0)
- logit("%s", name);
- if (strlen(inst) > 0)
- logit("%s", inst);
+ if (name_len > 0) {
+ debug_f("kbd int name: %s", name);
+ notifier = notify_start(0, "%s", name);
+ notify_complete(notifier, NULL);
+ notifier = NULL;
+ }
+ if (inst_len > 0) {
+ debug_f("kbd int inst: %s", inst);
+ notifier = notify_start(0, "%s", inst);
+ notify_complete(notifier, NULL);
+ notifier = NULL;
+ }
 if ((r = sshpkt_get_u32(ssh, &num_prompts)) != 0)
 goto out;
-- 
2.34.1
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
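Review bot: With both `logit()` calls removed, the keyboard-interactive `name` and `inst` texts reach the user only when the notifier can actually display them, and the result of `notify_start` is passed on unchecked. Its body is not visible here, but if it returns NULL when there is neither a tty nor a usable askpass, these server instructions would survive only at debug level, where they were previously printed at the default log level. A fallback after each call would keep the old behaviour for that case: `if (notifier == NULL) logit("%s", name);`, and likewise for `inst`. The two blocks differ only in the variable and the debug label, so a small static helper would remove the duplication and give one place to sanitise the text. input_userauth_info_req continues past the end of the hunk.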