From owner-svn-src-stable@freebsd.org Thu Dec 3 09:40:37 2015 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 495B5A3CF4A; Thu, 3 Dec 2015 09:40:37 +0000 (UTC) (envelope-from baptiste.daroussin@gmail.com) Received: from mail-wm0-x236.google.com (mail-wm0-x236.google.com [IPv6:2a00:1450:400c:c09::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E02161B68; Thu, 3 Dec 2015 09:40:36 +0000 (UTC) (envelope-from baptiste.daroussin@gmail.com) Received: by wmvv187 with SMTP id v187so17922549wmv.1; Thu, 03 Dec 2015 01:40:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=KyMiyzGQ05E53TEM04FC0VuvV1p268iU8UmVpoIy474=; b=lYRtia2Y3tQvjJ1peqXeGdrJ+TDfMTg7gfNHFq/8ZZJqAzpeVxXdJyxJjWbyFB0u9X 6jcXPjqwCr3XRiSJ1nB3wPaFabCBA+kluNeqoTwKPyXT1XmdNFZrG6TafmBRsnGG/iHY mxpMRAqLZbwji/MyhfD1cvZ7GvR70lt88GYy4dzL5IH6iY11OisteoWSbw1nUDcOzKvu xWZwgsSAmiwo1nyzrsEp9tHdRflYZUIHB3AldJB6Q5jynvzDG1EwqSznjJUOuJRiw9Av JukSHNWLqXi5v07c9zZoWsE1mo/OFWYz+aMqd744JWgwNUg0GwIAedXNGVTF8JkTtqZ9 08EQ== X-Received: by 10.28.148.147 with SMTP id w141mr11748587wmd.14.1449135634434; Thu, 03 Dec 2015 01:40:34 -0800 (PST) Received: from ivaldir.etoilebsd.net ([2001:41d0:8:db4c::1]) by smtp.gmail.com with ESMTPSA id lx4sm6702398wjb.5.2015.12.03.01.40.33 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 03 Dec 2015 01:40:33 -0800 (PST) Sender: Baptiste Daroussin Date: Thu, 3 Dec 2015 10:40:31 +0100 From: Baptiste Daroussin To: Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= Cc: svn-src-stable@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, svn-src-stable-10@freebsd.org Subject: Re: svn commit: r287084 - in stable/10/usr.sbin/pw: . tests Message-ID: <20151203094031.GG20169@ivaldir.etoilebsd.net> References: <201508232142.t7NLgSXX033227@repo.freebsd.org> <867fkxcbq9.fsf@desk.des.no> <20151202215958.GD20169@ivaldir.etoilebsd.net> <86egf4uegi.fsf@desk.des.no> <20151203083556.GF20169@ivaldir.etoilebsd.net> <86lh9bubru.fsf@desk.des.no> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="xs+9IvWevLaxKUtW" Content-Disposition: inline In-Reply-To: <86lh9bubru.fsf@desk.des.no> User-Agent: Mutt/1.5.24 (2015-08-30) X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Dec 2015 09:40:37 -0000 --xs+9IvWevLaxKUtW Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Dec 03, 2015 at 10:22:45AM +0100, Dag-Erling Sm=F8rgrav wrote: > Baptiste Daroussin writes: > > Dag-Erling Sm=F8rgrav writes: > > > Baptiste Daroussin writes: > > > > Or a fix can be made, if you provide an example of the failing case= , I > > > > would be able to fix it and add it to the regression tests. > > > Any operation that specifies a GECOS containing multibyte characters. > > Right so it is fixed. >=20 > Not really. After your latest commit, it will appear to work, but it > will still be broken. A proper fix would entail converting all input to > wide strings, validating it as such and converting back before output. > Also, the validation is based on blacklisting specific characters which > are considered unsafe instead of whitelisting those that are known to be > safe. Yes but that was already broken before my work, so doing that would be an entirely new and willing project but in term of "regression" the regression= has been fixed. reverting the work I have done will not change that. The interesting thing is the validator was there before my changes, and not changed at all in the process of adding validation, so depending on the com= mand you were using your multibyte input for gecos may or may not have been reje= cted already! the behaviour we have now is better in the sense that it is consis= tent in that regards. So imho reverting is really not needed. Now if one wants to make that properly handled using wide char, then you ha= ve a lot of tools and interfaces to work on not only pw(8) Best regards, Bapt --xs+9IvWevLaxKUtW Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlZgDg8ACgkQ8kTtMUmk6ExvXgCdFsbGhb63hB6KsPlVPgMWCrLP BJsAnA6iZCBEv7x1GJBCAMfjwSejODVd =vyYi -----END PGP SIGNATURE----- --xs+9IvWevLaxKUtW--