Bug#326027: ssh: sshd server does not encode banner in ISO-10646
On Thu, Sep 01, 2005 at 12:07:26PM +0200, Lars Persson Fink wrote:
> I do not know if this classifies as a bug or feature request and if
> there are any security implications from the problem below.
>
> I noticed that sshd does not encode the banner file in ISO-10646 UTF-8
> before sending it to the client as specified in
> draft-ietf-secsh-userauth-27.txt. Instead it seems to send the file as
> is.
To be honest, I think this is rather optimistic. How is the server
supposed to know what character set the file is encoded in, if it isn't
UTF-8? For example, you can't tell the difference between ISO-8859-1 and
ISO-8859-2 unless you understand the language in question.
At best, perhaps, the server could strip out characters not valid in
UTF-8, or make a wild guess at ISO-8859-1, or similar.
> It also seems as the client does not convert the banner from UTF-8 to
> the codepage it runs in.
This seems like a legitimate bug, though.
Thanks,
--
Colin Watson [cjwatson@debian.org]
Reply to: