[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-hackers] Re: lshd crashed on subversions.gnu.org
|
From: |
Niels Möller |
|
Subject: |
[Savannah-hackers] Re: lshd crashed on subversions.gnu.org |
|
Date: |
25 Jun 2001 00:49:58 +0200 |
"Joel N. Weber II" <address@hidden> writes:
> So I'm going to guess that this means that if you tell lshd that you
> are feeding it UTF-8 data such that it calls the UTF-8 routines, and
> feed it something that isn't actually valid UTF-8, that that causes
> this failure.
You're on the right track. The most urgent problems seems to be as
follows: When lshd gets a password that contains invalid utf8, or an
utf8 string that it can't convert to what it believes is the system's
local character set, it crashes. The right behaviour would be to
either treat it as an invalid password, or perhaps (in the case of
invalid utf8) treat it as a protocol error and disconnect the client.
Then there are some more subtle issues on how to deal with utf8
properly, but as long as subversions uses only ascii for user names
and passwords, that shouldn't matter much.
And there's no charset negotiation going on. The protocol spec simply
says that user names and passwords are *always* utf8. It ought to say
that it is utf8 using some particular normalization form, IMO, but
currently it doesn't.
/Niels