Call for testing: OpenSSH 7.8

Ingo Schwarze schwarze at usta.de
Tue Aug 21 03:14:52 AEST 2018


Hi,

Michael Felt wrote on Mon, Aug 20, 2018 at 05:00:17PM +0200:

> ./nl_langinfo
> setlocale -> "C"
> nl_langinfo -> "ISO8859-1"

Thanks, that is helpful.

So i think i was wrong and Damien was right.  This means that
OpenSSH returns truncated messages when non-ASCII bytes occur
in them, even when the user requests LC_CTYPE=POSIX.
That's not good.

While there is no need to cater for any potential locale that users
might wilfully select, we should probably try to show complete
messages to users who specifically select the POSIX locale.

Admittedly, AIX is weird in calling ASCII "ISO8859-1", which is
probably going to mean something different elsewhere.  But given
that it is very unlikely that anything another system calls ISO8859-1
is an unsafe (ASCII-incompatible or state-dependent) encoding, i'm
proposing the following patch.

I suggest adding some comments because otherwise, we will
eventually forget where all these strings came from.

OK?

> There is a program - /usr/lib/nls/lsmle (just learned about it!)

That's non-standard.  The standard program for similar purposes is
locale(1), though that usually won't report CODESET, but only
LC_CTYPE.

Yours,
  Ingo


Index: utf8.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/utf8.c,v
retrieving revision 1.7
diff -u -p -r1.7 utf8.c
--- utf8.c	31 May 2017 09:15:42 -0000	1.7
+++ utf8.c	20 Aug 2018 17:11:33 -0000
@@ -51,9 +51,18 @@ dangerous_locale(void) {
 	char	*loc;
 
 	loc = nl_langinfo(CODESET);
-	return strcmp(loc, "US-ASCII") != 0 && strcmp(loc, "UTF-8") != 0 &&
-	    strcmp(loc, "ANSI_X3.4-1968") != 0 && strcmp(loc, "646") != 0 &&
-	    strcmp(loc, "") != 0;
+	return strcmp(loc, "UTF-8") != 0 &&
+	    strcmp(loc, "US-ASCII") != 0 &&
+
+	    /*
+	     * What nl_langinfo(CODESET) returns for US-ASCII
+	     * on various operating systems:
+	     */
+
+	    strcmp(loc, "ANSI_X3.4-1968") != 0 &&	/* Linux */
+	    strcmp(loc, "ISO8859-1") != 0 &&		/* AIX */
+	    strcmp(loc, "646") != 0 &&			/* Solaris, NetBSD */
+	    strcmp(loc, "") != 0;			/* Solaris 6 */
 }
 
 static int


More information about the openssh-unix-dev mailing list