Invalid user name: function okname() in scp.c

Reza Hedayat reza.hedayat at adnovum.ch
Wed Mar 7 04:57:35 EST 2012


Hi OpenSSH developers

In the source file *scp.c* there is a function called *okname(char 
*cp0)* that validates the entered username by using the scp command as 
follows:
*
*[ Fragment scp.c start ]
...

int okname(char *cp0)
{
     int c;
     char *cp;

     cp = cp0;
     do {
         c = (int)*cp;
         if (c & 0200)
             goto bad;
         if (!isalpha(c) && !isdigit(c)) {
             switch (c) {
             case '\'':
             case '"':
             case '`':
             case ' ':
* case '#':*
                 goto bad;
             default:
                 break;
             }
         }
     } while (*++cp);
     return (1);

bad:    fprintf(stderr, "%s: invalid user name\n", cp0);
     return (0);
}

...
[ Fragment scp.c end ]

Thereby, usernames that contain the hash sign (#) are rejected. Is there 
a good reason why this logic was introduced?
If there is no reason, so is it possible to remove the mentioned 
case-statement?

I thank you in advance for your help and remain with best wishes
Reza Hedayat



More information about the openssh-unix-dev mailing list