[Bug 2058] SSH Banner message displays UTF-8 multibyte char incorrrectly
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Apr 26 10:55:46 EST 2013
https://bugzilla.mindrot.org/show_bug.cgi?id=2058
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at zip.com.au
--- Comment #4 from Darren Tucker <dtucker at zip.com.au> ---
RFC4252 says banner support is a SHOULD, and filtering control
characters is also a SHOULD:
If the 'message' string is displayed, control character filtering,
discussed in [SSH-ARCH], SHOULD be used to avoid attacks by sending
terminal control characters.
The text it refers to in RFC4251 is:
9.2. Control Character Filtering
When displaying text to a user, such as error or debug messages, the
client software SHOULD replace any control characters (except tab,
carriage return, and newline) with safe sequences to avoid attacks
by
sending terminal control characters.
so the current behaviour is compliant. Whether or not is possible to
safely display utf8 is a separate question.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list