From: Oliver Kiddle <opk@zsh.org>
To: Максим <herobrine135111@gmail.com>
Cc: zsh-workers@zsh.org
Subject: Re: $watch, log and Cyrillic usernames
Date: Sat, 07 Oct 2023 04:05:17 +0200 [thread overview]
Message-ID: <51326-1696644317.959346@Oqom.p2Z_.86FS> (raw)
In-Reply-To: <CAHJ=x4aS18Rez8yw=KBNqyNrdxAavshA36muRE=M3QzctD90Rw@mail.gmail.com>
Максим wrote:
> Hello again. I found another bug with cyrillic usernames in zsh (again on
> Cygwin, but can be reproduced on Linux)
Reproducing does involve bypassing utilities like useradd which complain
about invalid usernames. But I can imagine such rules will increasingly
be relaxed and there's no reason for zsh to make assumptions.
> % watch=(Студент); log # ("Студент" record is missing)
The value from $watch is metafied and that's what patcompile() and
pattry() need so the fix below uses metafy() on the username from
utmp.
However, in looking closer at the code I observed the existing use of
sizeof(u->ut_name) which is 32 on my system. So I tried creating 32 and
33 character usernames (which, incidentally, useradd was happy with) and
as I suspected u->ut_name is not null-terminated for these. So the patch
uses strnlen() with the sizeof() for n to get the length to pass
to metafy(). We have no existing uses of strnlen() but I don't foresee
portability issues given that it is attributed to the 2008 POSIX
standard and is supported in Solaris 10 which is from a few years prior
to that. If needed, it'd be easy to provide an alternative
implementation.
To match the 33 character username, it does need to be truncated in
$watch. last -w does manage to print the full username, would be good
to know how. For the hostname, our code was using strlen() rather than
sizeof(). I can't see why this would be needed. I would have tried
putting UTF-8 in my hosts file to test that that but I'm only getting IP
addresses in utmp. I guess we could do reverse lookups but it hardly
seems worth it for the amount of use watch/log likely get these days.
The example also uses an uppercase letter. Usernames on Unix are
case-sensitive but it wouldn't surprise me if they aren't on Cygwin.
If so, should we add #ifdefs for that?
Oliver
diff --git a/Src/Modules/watch.c b/Src/Modules/watch.c
index 0de8cbf9a..2ad962fb6 100644
--- a/Src/Modules/watch.c
+++ b/Src/Modules/watch.c
@@ -423,20 +423,22 @@ watchlog2(int inout, WATCH_STRUCT_UTMP *u, char *fmt, int prnt, int fini)
/* See if the watch entry matches */
static int
-watchlog_match(char *teststr, char *actual, int len)
+watchlog_match(char *teststr, char *actual, size_t buflen)
{
int ret = 0;
Patprog pprog;
char *str = dupstring(teststr);
+ int len = strnlen(actual, buflen);
+ char *user = metafy(actual, len, META_USEHEAP);
tokenize(str);
if ((pprog = patcompile(str, PAT_STATIC, 0))) {
queue_signals();
- if (pattry(pprog, actual))
+ if (pattry(pprog, user))
ret = 1;
unqueue_signals();
- } else if (!strncmp(actual, teststr, len))
+ } else if (!strcmp(user, teststr))
ret = 1;
return ret;
}
@@ -488,7 +490,7 @@ watchlog(int inout, WATCH_STRUCT_UTMP *u, char **w, char *fmt)
for (vv = ++v; *vv && *vv != '%'; vv++);
sav = *vv;
*vv = '\0';
- if (!watchlog_match(v, u->ut_host, strlen(v)))
+ if (!watchlog_match(v, u->ut_host, sizeof(u->ut_host)))
bad = 1;
*vv = sav;
v = vv;
next prev parent reply other threads:[~2023-10-07 2:18 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-05 21:29 Максим
2023-10-05 21:42 ` Bart Schaefer
2023-10-07 2:05 ` Oliver Kiddle [this message]
2023-10-07 16:49 ` Максим
2023-10-08 0:24 ` Oliver Kiddle
2023-10-08 6:20 ` Максим
2023-10-08 21:47 ` metafy() (was Re: $watch, log and Cyrillic usernames) Oliver Kiddle
2023-10-09 2:01 ` Bart Schaefer
2023-10-10 21:46 ` Oliver Kiddle
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51326-1696644317.959346@Oqom.p2Z_.86FS \
--to=opk@zsh.org \
--cc=herobrine135111@gmail.com \
--cc=zsh-workers@zsh.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).