Re: How to treat utf8 text with overlong utf8 sequences?

To: ietf-ssh%NetBSD.org@localhost
Subject: Re: How to treat utf8 text with overlong utf8 sequences?
From: Derek Fawcus <dfawcus%cisco.com@localhost>
Date: Mon, 4 Oct 2004 17:24:12 +0100

On Sat, Oct 02, 2004 at 03:18:19PM +0200, Niels Möller wrote:
> What do you think about sending overlong / "non-minimum form" utf8
> sequences in various utf8 strings in the protocol?

Don't do it.

> I'm tempted to treat any use of overlong or otherwise invalid utf8
> strings that I receive from the remote end as a protocol error.

Agreed.

> * Do you think that is a reasonable thing to do?

Yes.

> * Does it violate the ssh specification?

No.

> * Will it cause any interoperability problems in practice?

No.  If so,  if the other end.  I happe to agree with the
comment that it could lead to security problems;  if not
immediately,  then eventually,  simply by the fact that
the 'unexpected' form may violate some assumptions.

DF

References:
- How to treat utf8 text with overlong utf8 sequences?
  - From: Niels Möller

Prev by Date: Re: Text file type hint proposal for filexfer
Next by Date: Re: Text file type hint proposal for filexfer
Previous by Thread: Re: How to treat utf8 text with overlong utf8 sequences?
Next by Thread: Re: How to treat utf8 text with overlong utf8 sequences?
Indexes:

Home | Main Index | Thread Index | Old Index