From owner-svn-src-stable@freebsd.org  Thu Dec  3 09:22:44 2015
Return-Path: <owner-svn-src-stable@freebsd.org>
Delivered-To: svn-src-stable@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id D799FA3CC34;
 Thu,  3 Dec 2015 09:22:44 +0000 (UTC) (envelope-from des@des.no)
Received: from smtp.des.no (smtp.des.no [194.63.250.102])
 by mx1.freebsd.org (Postfix) with ESMTP id 495C112C7;
 Thu,  3 Dec 2015 09:22:44 +0000 (UTC) (envelope-from des@des.no)
Received: from desk.des.no (smtp.des.no [194.63.250.102])
 by smtp.des.no (Postfix) with ESMTP id 1C4FF2CE0;
 Thu,  3 Dec 2015 09:22:43 +0000 (UTC)
Received: by desk.des.no (Postfix, from userid 1001)
 id 454853FC43; Thu,  3 Dec 2015 10:22:45 +0100 (CET)
From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>
To: Baptiste Daroussin <bapt@FreeBSD.org>
Cc: svn-src-stable@freebsd.org, svn-src-all@freebsd.org,
 src-committers@freebsd.org, svn-src-stable-10@freebsd.org
Subject: Re: svn commit: r287084 - in stable/10/usr.sbin/pw: . tests
References: <201508232142.t7NLgSXX033227@repo.freebsd.org>
 <867fkxcbq9.fsf@desk.des.no>
 <20151202215958.GD20169@ivaldir.etoilebsd.net>
 <86egf4uegi.fsf@desk.des.no>
 <20151203083556.GF20169@ivaldir.etoilebsd.net>
Date: Thu, 03 Dec 2015 10:22:45 +0100
In-Reply-To: <20151203083556.GF20169@ivaldir.etoilebsd.net> (Baptiste
 Daroussin's message of "Thu, 3 Dec 2015 09:35:56 +0100")
Message-ID: <86lh9bubru.fsf@desk.des.no>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-BeenThere: svn-src-stable@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: SVN commit messages for all the -stable branches of the src tree
 <svn-src-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-stable>, 
 <mailto:svn-src-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-stable/>
List-Post: <mailto:svn-src-stable@freebsd.org>
List-Help: <mailto:svn-src-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-stable>,
 <mailto:svn-src-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Dec 2015 09:22:45 -0000

Baptiste Daroussin <bapt@FreeBSD.org> writes:
> Dag-Erling Sm=C3=B8rgrav <des@des.no> writes:
> > Baptiste Daroussin <bapt@FreeBSD.org> writes:
> > > Or a fix can be made, if you provide an example of the failing case, I
> > > would be able to fix it and add it to the regression tests.
> > Any operation that specifies a GECOS containing multibyte characters.
> Right so it is fixed.

Not really.  After your latest commit, it will appear to work, but it
will still be broken.  A proper fix would entail converting all input to
wide strings, validating it as such and converting back before output.
Also, the validation is based on blacklisting specific characters which
are considered unsafe instead of whitelisting those that are known to be
safe.

DES
--=20
Dag-Erling Sm=C3=B8rgrav - des@des.no