Bug#326027: ssh: sshd server does not encode banner in ISO-10646

To: Lars Persson Fink <persson@bluetail.com>, 326027@bugs.debian.org
Subject: Bug#326027: ssh: sshd server does not encode banner in ISO-10646
From: Colin Watson <cjwatson@debian.org>
Date: Fri, 2 Sep 2005 16:23:23 +0100
Message-id: <[🔎] 20050902152323.GJ1653@riva.ucam.org>
Reply-to: Colin Watson <cjwatson@debian.org>, 326027@bugs.debian.org
In-reply-to: <[🔎] E1EAlyg-0003Ji-Tj@fink>
References: <[🔎] E1EAlyg-0003Ji-Tj@fink>

On Thu, Sep 01, 2005 at 12:07:26PM +0200, Lars Persson Fink wrote:
> I do not know if this classifies as a bug or feature request and if
> there are any security implications from the problem below.
> 
> I noticed that sshd does not encode the banner file in ISO-10646 UTF-8
> before sending it to the client as specified in
> draft-ietf-secsh-userauth-27.txt. Instead it seems to send the file as
> is.

To be honest, I think this is rather optimistic. How is the server
supposed to know what character set the file is encoded in, if it isn't
UTF-8? For example, you can't tell the difference between ISO-8859-1 and
ISO-8859-2 unless you understand the language in question.

At best, perhaps, the server could strip out characters not valid in
UTF-8, or make a wild guess at ISO-8859-1, or similar.

> It also seems as the client does not convert the banner from UTF-8 to
> the codepage it runs in.

This seems like a legitimate bug, though.

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

References:
- Bug#326027: ssh: sshd server does not encode banner in ISO-10646
  - From: Lars Persson Fink <persson@bluetail.com>

Prev by Date: Processed: apparently only occurs with some PAM configurations?
Next by Date: Accepted openssh 1:4.1p1-7 (source all powerpc)
Previous by thread: Bug#326027: ssh: sshd server does not encode banner in ISO-10646
Next by thread: Bug#326065: ssh: Two security issues fixed in 4.2
Index(es):
- Date
- Thread