Invalid user name: function okname() in scp.c
Reza Hedayat
reza.hedayat at adnovum.ch
Wed Mar 7 04:57:35 EST 2012
Hi OpenSSH developers
In the source file *scp.c* there is a function called *okname(char
*cp0)* that validates the entered username by using the scp command as
follows:
*
*[ Fragment scp.c start ]
...
int okname(char *cp0)
{
int c;
char *cp;
cp = cp0;
do {
c = (int)*cp;
if (c & 0200)
goto bad;
if (!isalpha(c) && !isdigit(c)) {
switch (c) {
case '\'':
case '"':
case '`':
case ' ':
* case '#':*
goto bad;
default:
break;
}
}
} while (*++cp);
return (1);
bad: fprintf(stderr, "%s: invalid user name\n", cp0);
return (0);
}
...
[ Fragment scp.c end ]
Thereby, usernames that contain the hash sign (#) are rejected. Is there
a good reason why this logic was introduced?
If there is no reason, so is it possible to remove the mentioned
case-statement?
I thank you in advance for your help and remain with best wishes
Reza Hedayat
More information about the openssh-unix-dev
mailing list