[Bug 3896] Non-ASCII characters in user names are inconsistently escaped in server logs
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue Nov 18 09:21:13 AEDT 2025
https://bugzilla.mindrot.org/show_bug.cgi?id=3896
Zack Weinberg <zack+bugzilla.mindrot at owlfolio.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #3921| |ok?(djm at mindrot.org)
Flags| |
--- Comment #2 from Zack Weinberg <zack+bugzilla.mindrot at owlfolio.org> ---
Created attachment 3921
--> https://bugzilla.mindrot.org/attachment.cgi?id=3921&action=edit
slightly more invasive fix
I'd like to suggest a slightly more invasive fix which also moves the
strnvis() call into the if-else branches that are actually going to use
the result.
I tested this change on one of my machines and it does work for the
case I know about:
$ ssh röot at server.example.com
r\303\266ot at server.example.com: Permission denied (publickey).
$ ssh root at server.example.com grep -hF '266ot' /var/log/*
Nov 17 22:17:07 server sshd[4456]: Invalid user r\303\266ot from
[address redacted] port 38924
Nov 17 22:17:08 server sshd[4456]: Connection closed by invalid
user r\303\266ot [address redacted] port 38924 [preauth]
Before the change, the second line would have been double-escaped.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list