bugzilla-daemon at mindrot.org
2004-Jul-20 23:59 UTC
[Bug 111] sshd syslogs raw untrusted data
http://bugzilla.mindrot.org/show_bug.cgi?id=111
peak at argo.troja.mff.cuni.cz changed:
      What|Removed |Added
----------------------------------------------------------------------------
    Status|CLOSED  |REOPENED
Resolution|FIXED   |
------- Additional Comments From peak at argo.troja.mff.cuni.cz 2004-07-21 09:59 -------
The current code in log.c fails to address the problem. It does

    strnvis(fmtbuf, msgbuf, sizeof(fmtbuf), VIS_SAFE|VIS_OCTAL);

but this leaves nasty characters like LFs (misinterpreted by Solaris
syslog()...see above) alone.

On the other hand, stricter vis() flags make debugging output (sshd -d) ugly
because some debugging messages include a "natural" newline.

I think the code should read:

    strnvis(fmtbuf, msgbuf, sizeof(fmtbuf), log_on_stderr ?
        VIS_SAFE|VIS_OCTAL : VIS_CSTYLE|VIS_NL|VIS_TAB|VIS_OCTAL);
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
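
The destination-dependent encoding proposed in the comment above, shown as an added example that is not part of the bug report or of OpenSSH's log.c. encode_log_msg() is a hypothetical, simplified stand-in for strnvis() (which glibc does not provide), and the sample message is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: NOT OpenSSH's log.c and not a full vis(3).
 * to_stderr != 0: LF and TAB pass through so debug output stays readable.
 * to_stderr == 0: LF and TAB are escaped, so one message stays one record.
 * Backslash, CR and bytes outside printable ASCII are escaped in both modes.
 * Returns the encoded length, or -1 (dst emptied) if dst is too small. */
int encode_log_msg(char *dst, size_t dstlen, const char *src, int to_stderr)
{
    size_t o = 0;
    if (dstlen == 0) return -1;
    for (const unsigned char *p = (const unsigned char *)src; *p; p++) {
        char esc[5] = { (char)*p, '\0' };   /* default: copy byte as-is */
        if (*p == '\\')
            strcpy(esc, "\\\\");            /* keep the encoding unambiguous */
        else if (*p == '\n' || *p == '\t') {
            if (!to_stderr)
                strcpy(esc, *p == '\n' ? "\\n" : "\\t");
        } else if (*p == '\r')
            strcpy(esc, "\\r");
        else if (*p < 0x20 || *p >= 0x7f)
            snprintf(esc, sizeof(esc), "\\%03o", (unsigned)*p);
        size_t n = strlen(esc);
        if (o + n >= dstlen) {              /* no room for bytes + NUL */
            dst[0] = '\0';
            return -1;
        }
        memcpy(dst + o, esc, n);
        o += n;
    }
    dst[o] = '\0';
    return (int)o;
}

/* Constructed sample: an untrusted user name carrying a line feed. */
static const char SAMPLE_MSG[] =
    "Invalid user bob\nAccepted password for root from 192.0.2.1";

int main(void)
{
    char buf[256];
    if (encode_log_msg(buf, sizeof(buf), SAMPLE_MSG, 0) >= 0)
        printf("syslog: %s\n", buf);        /* single line, LF shown as \n */
    if (encode_log_msg(buf, sizeof(buf), SAMPLE_MSG, 1) >= 0)
        printf("stderr: %s\n", buf);        /* LF kept for readability */
    return 0;
}
```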
bugzilla-daemon at mindrot.org
2004-Jul-21 00:53 UTC
[Bug 111] sshd syslogs raw untrusted data
http://bugzilla.mindrot.org/show_bug.cgi?id=111
djm at mindrot.org changed:
      What|Removed |Added
----------------------------------------------------------------------------
    Status|REOPENED|RESOLVED
Resolution|        |FIXED
------- Additional Comments From djm at mindrot.org 2004-07-21 10:53 -------
Yes. Similar fix committed - thanks!