[patch] alpha_strcpy for HEAD

Andrew Bartlett abartlet at pcug.org.au
Fri Jan 18 02:57:02 GMT 2002


Alexander Bokovoy wrote:
> 
> On Fri, Jan 18, 2002 at 08:17:44PM +1100, Andrew Bartlett wrote:
> > > This patch just allow consider _all_ letters (including multibute ones
> > > in e.g. UTF-8) as valid symbols.
> > Can you tell me that all letters won't include \ ' / " * @ ! .. within
> > that multibyte sequence?
> >
> > Can you tell me that they wont include a byte of value 255?  That it
> > won't inlude *any shell metacharacter*?
> Please note that byte of value 255 is _valid_ letter (CYRILLIC SMALL
> LETTER YA, <U044F>) in encoding CP1251 which is native Unix encoding for
> Bulgarian and Belarusian langauges. Disabling it you're risking to break
> support for those languages at all.

This makes my point rather well actually.

If sombody sends us this (special to some shells) char what should we
do?  Its a perfectly vaild char that we don't want to mess with, but it
could also allow an exploit on particualr systems in particuar
configurations.

This is why I think we need a better way to 'vet' this incoming data. 

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net




More information about the samba-technical mailing list