cc: zsh-workers@zsh.org
From: Oliver Kiddle
To: Максим
Subject: Re: $watch, log and Cyrillic usernames
Date: Sat, 07 Oct 2023 04:05:17 +0200
Message-ID: <51326-1696644317.959346@Oqom.p2Z_.86FS>
X-Seq: 52207

Максим wrote:
> Hello again. I found another bug with cyrillic usernames in zsh (again on
> Cygwin, but can be reproduced on Linux)

Reproducing does involve bypassing utilities like useradd which complain about invalid usernames. But I can imagine such rules will increasingly be relaxed and there's no reason for zsh to make assumptions.

> % watch=(Студент); log # ("Студент" record is missing)

The value from $watch is metafied and that's what patcompile() and pattry() need so the fix below uses metafy() on the username from utmp.

However, in looking closer at the code I observed the existing use of sizeof(u->ut_name) which is 32 on my system. So I tried creating 32 and 33 character usernames (which, incidentally, useradd was happy with) and as I suspected u->ut_name is not null-terminated for these. So the patch uses strnlen() with the sizeof() for n to get the length to pass to metafy().

We have no existing uses of strnlen() but I don't foresee portability issues given that it is attributed to the 2008 POSIX standard and is supported in Solaris 10 which is from a few years prior to that. If needed, it'd be easy to provide an alternative implementation.

To match the 33 character username, it does need to be truncated in $watch. last -w does manage to print the full username, would be good to know how.

For the hostname, our code was using strlen() rather than sizeof(). I can't see why this would be needed. I would have tried putting UTF-8 in my hosts file to test that but I'm only getting IP addresses in utmp. I guess we could do reverse lookups but it hardly seems worth it for the amount of use watch/log likely get these days.

The example also uses an uppercase letter. Usernames on Unix are case-sensitive but it wouldn't surprise me if they aren't on Cygwin. If so, should we add #ifdefs for that?

Oliver

diff --git a/Src/Modules/watch.c b/Src/Modules/watch.c index 0de8cbf9a..2ad962fb6 100644 --- a/Src/Modules/watch.c +++ b/Src/Modules/watch.c @@ -423,20 +423,22 @@ watchlog2(int inout, WATCH_STRUCT_UTMP *u, char *fmt, int prnt, int fini) /* See if the watch entry matches */ static int -watchlog_match(char *teststr, char *actual, int len) +watchlog_match(char *teststr, char *actual, size_t buflen) { int ret = 0; Patprog pprog; char *str = dupstring(teststr); + int len = strnlen(actual, buflen); + char *user = metafy(actual, len, META_USEHEAP); tokenize(str); if ((pprog = patcompile(str, PAT_STATIC, 0))) { queue_signals(); - if (pattry(pprog, actual)) + if (pattry(pprog, user)) ret = 1; unqueue_signals(); - } else if (!strncmp(actual, teststr, len)) + } else if (!strcmp(user, teststr)) ret = 1; return ret; } @@ -488,7 +490,7 @@ watchlog(int inout, WATCH_STRUCT_UTMP *u, char **w, char *fmt) for (vv = ++v; *vv && *vv != '%'; vv++); sav = *vv; *vv = '\0'; - if (!watchlog_match(v, u->ut_host, strlen(v))) + if (!watchlog_match(v, u->ut_host, sizeof(u->ut_host))) bad = 1; *vv = sav; v = vv;
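
Review bot: in the first hunk, the comment above watchlog_match() still reads only "See if the watch entry matches" although the third parameter has changed from a comparison length to the size of a fixed-width buffer that may hold no terminating NUL. Please document that contract above the function, so a later caller does not pass the strlen() of a pattern and make strnlen(actual, buflen) cut the name short. The mail notes that strnlen() has no existing uses in the tree, and the hunk adds no fallback; a configure check or a memchr()-based replacement would cover platforms without it.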
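
Review bot: in the second hunk, passing sizeof(u->ut_host) instead of strlen(v), combined with the first hunk's change from strncmp(actual, teststr, len) to strcmp(user, teststr), turns the branch taken when patcompile() fails from a prefix comparison on the host into an exact one. If that is intended, please say so in the commit message; if not, the prefix behaviour needs to be kept for ut_host. The call site that passes ut_name is not in this diff, so it is worth confirming it already passes sizeof(u->ut_name), as the mail describes.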
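
The bounded read described in the mail, as an added example that is not part of the original message or of zsh: a fixed-width name field filled to its last byte has no NUL, so its length is taken with a memchr()-based stand-in for strnlen() before comparing. The struct fake_utmp, the 32-byte width and all function names are assumptions made for illustration, and zsh's metafy() step is left out.

```c
#include <stdlib.h>
#include <string.h>

#define NAME_FIELD 32   /* assumed width, the sizeof(u->ut_name) quoted in the mail */

/* Constructed stand-in for a utmp record: fixed-width fields back to back. */
struct fake_utmp {
    char name[NAME_FIELD];
    char line[8];
};

/* Replacement for strnlen(): never reads past buf[max - 1]. */
static size_t bounded_len(const char *buf, size_t max)
{
    const char *nul = memchr(buf, '\0', max);
    return nul ? (size_t)(nul - buf) : max;
}

/* Copy a fixed-width field into a fresh NUL-terminated string. */
static char *field_to_str(const char *field, size_t fieldsize)
{
    size_t len = bounded_len(field, fieldsize);
    char *s = malloc(len + 1);
    if (!s)
        return NULL;
    memcpy(s, field, len);
    s[len] = '\0';
    return s;
}

/* Exact comparison of a watch entry with the name field via the bounded copy. */
static int name_matches(const struct fake_utmp *u, const char *want)
{
    char *name = field_to_str(u->name, sizeof(u->name));
    int ok = name && strcmp(name, want) == 0;
    free(name);
    return ok;
}

int main(void)
{
    struct fake_utmp u = {0};
    char want[NAME_FIELD + 2];
    memset(u.name, 'a', sizeof(u.name));      /* 32 bytes, no room for a NUL */
    memset(want, 'a', NAME_FIELD + 1);
    want[NAME_FIELD + 1] = '\0';              /* 33-character watch entry */
    int long_ok = name_matches(&u, want);
    want[NAME_FIELD] = '\0';                  /* truncated to the field width */
    return (!long_ok && name_matches(&u, want)) ? 0 : 1;
}
```

The 33-character entry does not match the stored record while the same entry truncated to 32 characters does, which is the behaviour the mail reports for $watch.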