Date: Thu, 03 Dec 2015 10:22:45 +0100
From: Dag-Erling Smørgrav <des@des.no>
To: Baptiste Daroussin <bapt@FreeBSD.org>
Cc: svn-src-stable@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, svn-src-stable-10@freebsd.org
Subject: Re: svn commit: r287084 - in stable/10/usr.sbin/pw: . tests
Message-ID: <86lh9bubru.fsf@desk.des.no>
In-Reply-To: <20151203083556.GF20169@ivaldir.etoilebsd.net> (Baptiste Daroussin's message of "Thu, 3 Dec 2015 09:35:56 +0100")
References: <201508232142.t7NLgSXX033227@repo.freebsd.org> <867fkxcbq9.fsf@desk.des.no> <20151202215958.GD20169@ivaldir.etoilebsd.net> <86egf4uegi.fsf@desk.des.no> <20151203083556.GF20169@ivaldir.etoilebsd.net>

Baptiste Daroussin <bapt@FreeBSD.org> writes:
> Dag-Erling Smørgrav <des@des.no> writes:
> > Baptiste Daroussin <bapt@FreeBSD.org> writes:
> > > Or a fix can be made, if you provide an example of the failing case, I
> > > would be able to fix it and add it to the regression tests.
> > Any operation that specifies a GECOS containing multibyte characters.
> Right so it is fixed.

Not really.  After your latest commit, it will appear to work, but it
will still be broken.  A proper fix would entail converting all input to
wide strings, validating it as such and converting back before output.
Also, the validation is based on blacklisting specific characters which
are considered unsafe instead of whitelisting those that are known to be
safe.

DES
-- 
Dag-Erling Smørgrav - des@des.no
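
The approach described in the message above (decode the input to whole characters, then accept only characters on a whitelist), as an added example that is not part of the original e-mail and is not pw's code. It assumes UTF-8 input and swaps in its own strict decoder in place of the locale-dependent mbstowcs(3); the function names and the whitelist policy are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Decode one strict UTF-8 sequence at s into *cp; returns its length, 0 on error. */
static size_t utf8_decode(const unsigned char *s, uint32_t *cp)
{
    static const uint32_t min[] = { 0, 0, 0x80, 0x800, 0x10000 };
    size_t n, i;
    if (s[0] < 0x80) { *cp = s[0]; return 1; }
    else if ((s[0] & 0xE0) == 0xC0) { n = 2; *cp = s[0] & 0x1F; }
    else if ((s[0] & 0xF0) == 0xE0) { n = 3; *cp = s[0] & 0x0F; }
    else if ((s[0] & 0xF8) == 0xF0) { n = 4; *cp = s[0] & 0x07; }
    else return 0;                      /* stray continuation or invalid lead byte */
    for (i = 1; i < n; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;  /* truncated: also catches the NUL */
        *cp = (*cp << 6) | (s[i] & 0x3F);
    }
    /* Reject overlong forms, UTF-16 surrogates and values past U+10FFFF. */
    if (*cp < min[n] || (*cp >= 0xD800 && *cp <= 0xDFFF) || *cp > 0x10FFFF) return 0;
    return n;
}

/* Constructed whitelist (an assumption, not pw's rule set): ASCII letters and
 * digits, space and , . ' - ( ), plus Latin letters U+00C0..U+024F. */
static int gecos_cp_allowed(uint32_t cp)
{
    if ((cp >= 'a' && cp <= 'z') || (cp >= 'A' && cp <= 'Z') || (cp >= '0' && cp <= '9'))
        return 1;
    if (cp < 0x80)
        return cp != 0 && strchr(" ,.'-()", (int)cp) != NULL;
    return cp >= 0xC0 && cp <= 0x24F && cp != 0xD7 && cp != 0xF7;
}

/* Returns 0 if every character decodes and is whitelisted; otherwise -1, with
 * the byte offset of the first rejected character stored in *bad. */
int gecos_validate(const char *gecos, size_t *bad)
{
    const unsigned char *p = (const unsigned char *)gecos;
    uint32_t cp;
    for (size_t n; *p != '\0'; p += n) {
        n = utf8_decode(p, &cp);
        if (n == 0 || !gecos_cp_allowed(cp)) {
            *bad = (size_t)(p - (const unsigned char *)gecos);
            return -1;
        }
    }
    return 0;
}
```

Because the decoder accepts only the shortest encoding of each character, a string that passes is already in the form a convert-back step would produce, so it can be written out unchanged.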