svn commit: r287084 - in stable/10/usr.sbin/pw: . tests

Dag-Erling Smørgrav des at des.no
Thu Dec 3 09:22:45 UTC 2015


Baptiste Daroussin <bapt at FreeBSD.org> writes:
> Dag-Erling Smørgrav <des at des.no> writes:
> > Baptiste Daroussin <bapt at FreeBSD.org> writes:
> > > Or a fix can be made, if you provide an example of the failing case, I
> > > would be able to fix it and add it to the regression tests.
> > Any operation that specifies a GECOS containing multibyte characters.
> Right so it is fixed.

Not really.  After your latest commit, it will appear to work, but it
will still be broken.  A proper fix would entail converting all input to
wide strings, validating it as such and converting back before output.
Also, the validation is based on blacklisting specific characters which
are considered unsafe instead of whitelisting those that are known to be
safe.

DES
-- 
Dag-Erling Smørgrav - des at des.no
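
The approach described in the message above (decode the input to wide characters, validate against an allowlist, convert back before output), as an added example that is not part of the original message or of pw's code. The function names, the allowed punctuation set, the length limit and the locale names are assumptions.

```c
#include <limits.h>
#include <locale.h>
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>
#include <wctype.h>

#define GECOS_MAX 128           /* assumed length limit, in characters */
#define GECOS_PUNCT L" .,'-()"  /* assumed allowlist besides letters and digits */

/* Select a UTF-8 LC_CTYPE (locale names are assumptions) and check that it
 * decodes and classifies a non-ASCII letter. Returns 1 on success. */
int gecos_init_locale(void)
{
    const char *names[] = { "C.UTF-8", "en_US.UTF-8" };
    wchar_t wc;
    for (int i = 0; i < 2; i++)
        if (setlocale(LC_CTYPE, names[i]) != NULL &&
            mbtowc(&wc, "\xc3\xb8", 2) == 2 && iswalpha((wint_t)wc))
            return 1;
    return 0;
}

/* Decode to wide characters, accept only allowlisted ones, encode back.
 * Returns a static buffer, or NULL on bad encoding, length or character. */
const char *gecos_clean(const char *in)
{
    static char out[GECOS_MAX * MB_LEN_MAX + 1];
    wchar_t w[GECOS_MAX + 1];
    size_t n = mbstowcs(w, in, GECOS_MAX + 1);
    if (n == (size_t)-1 || n > GECOS_MAX)   /* invalid sequence or too long */
        return NULL;
    for (size_t i = 0; i < n; i++)          /* one test per character, not per byte */
        if (!iswalnum((wint_t)w[i]) && wcschr(GECOS_PUNCT, w[i]) == NULL)
            return NULL;
    n = wcstombs(out, w, sizeof(out));
    return (n == (size_t)-1 || n >= sizeof(out)) ? NULL : out;
}

int main(void)
{
    /* Constructed inputs: valid name, field separator, truncated UTF-8. */
    const char *s[] = { "Dag-Erling Sm\xc3\xb8rgrav", "x:0:0:root", "Sm\xc3" };
    if (!gecos_init_locale())
        return 1;
    for (int i = 0; i < 3; i++)
        printf("%d %s\n", i, gecos_clean(s[i]) ? "accepted" : "rejected");
    return 0;
}
```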