https://bugzilla.mindrot.org/show_bug.cgi?id=3896

            Bug ID: 3896
           Summary: Non-ASCII characters in user names are inconsistently
                    escaped in server logs
           Product: Portable OpenSSH
           Version: 10.2p1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: sshd
          Assignee: [email protected]
          Reporter: [email protected]

When a client sends an authorization request packet with a username
containing bytes that are not printable ASCII characters, sshd converts
each such byte to an octal escape sequence before passing it to syslog.
That's good.  But it does this inconsistently among log messages
referring to the same connection.  That's the bug.

For example, with the default (INFO) logging, I see these (IP addresses
have been redacted, user names are real):

sshd[81392]: Invalid user crowd\303\202\302\255-openid-\303\202\302\255server from A.B.C.D port 55376
sshd[81392]: Connection reset by invalid user crowd\\303\\202\\302\\255-openid-\\303\\202\\302\\255server A.B.C.D port 55376 [preauth]
sshd[235619]: Invalid user \303\220\302\260\303\220\302\264\303\220\302\274\303\220\302\270\303\220\302\275 from E.F.G.H port 40612
sshd[235619]: Connection reset by invalid user \\303\\220\\302\\260\\303\\220\\302\\264\\303\\220\\302\\274\\303\\220\\302\\270\\303\\220\\302\\275 E.F.G.H port 40612 [preauth]

It looks like the username string is being escaped once when read off
the wire, printed as such in the "Invalid user" message, and then
escaped *again* for messages that include a username in the "log
preamble".

This makes log analysis unnecessarily difficult.  It would be better if
escaping was consistently applied just once.
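
Added example, not part of the original report and not OpenSSH code: a log-analysis workaround that decodes the user name in both message types back to the same bytes so the two lines for one connection can be correlated. It assumes the escape syntax and the per-message layer counts (one for "Invalid user", two for "Connection reset by invalid user") are exactly as the sample lines above show; the function and table names are illustrative.

```python
import re

# Assumed escape syntax, read off the sample lines in the report:
# "\ooo" is one byte in octal, "\\" is a literal backslash.
ESC = re.compile(r"\\(\\|[0-3][0-7]{2})")

# (message pattern, escape layers the report observed for that message).
# Set both layer counts to 1 for an sshd that escapes consistently.
PATTERNS = [
    (re.compile(r"sshd\[(\d+)\]: Invalid user (.*) from \S+ port \d+$"), 1),
    (re.compile(r"sshd\[(\d+)\]: Connection reset by invalid user (.*) "
                r"\S+ port \d+ \[preauth\]$"), 2),
]

def unescape_once(text):
    """Remove exactly one escape layer; a decoded byte becomes U+0000..U+00FF."""
    return ESC.sub(
        lambda m: "\\" if m.group(1) == "\\" else chr(int(m.group(1), 8)), text)

def wire_username(line):
    """Return (pid, username bytes as received) or None for other messages."""
    for pattern, layers in PATTERNS:
        m = pattern.search(line)
        if m:
            user = m.group(2)
            for _ in range(layers):
                user = unescape_once(user)
            return int(m.group(1)), user.encode("latin-1")
    return None

def usernames_by_pid(lines):
    """Group decoded usernames per sshd PID so both messages correlate."""
    seen = {}
    for line in lines:
        hit = wire_username(line)
        if hit:
            seen.setdefault(hit[0], set()).add(hit[1])
    return seen

# The first two sample lines from the report, with the mail wrapping undone.
SAMPLE = [
    r"sshd[81392]: Invalid user crowd\303\202\302\255-openid-\303\202\302\255server from A.B.C.D port 55376",
    r"sshd[81392]: Connection reset by invalid user crowd\\303\\202\\302\\255-openid-\\303\\202\\302\\255server A.B.C.D port 55376 [preauth]",
]

if __name__ == "__main__":
    for pid, users in usernames_by_pid(SAMPLE).items():
        print(pid, users)
```

A PID that maps to more than one decoded name after this normalisation is worth a second look, since the layer-count assumption no longer holds for that log source.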
