https://bugzilla.mindrot.org/show_bug.cgi?id=3897
--- Comment #1 from Zack Weinberg <[email protected]> ---
I looked a little bit into what a patch for this would require, and unfortunately it isn't easy. Throughout openssh, log messages get built up from chunks using all the capabilities of printf, e.g.

    do_log2(level, "%s %s%s%s for %s%.100s from %.200s port %d ssh2%s%s",
        authmsg,
        method,
        submethod != NULL ? "/" : "",
        submethod == NULL ? "" : submethod,
        authctxt->valid ? "" : "invalid user ",
        authctxt->user,
        ssh_remote_ipaddr(ssh),
        ssh_remote_port(ssh),
        extra != NULL ? ": " : "",
        extra != NULL ? extra : "");

Of all those %s placeholders, _only_ authctxt->user ought to be output as `""` or something like that, when it's the empty string. Several others are _supposed_ to print nothing at all if they are the empty string.

Since C doesn't have perl-style taint tracking, the only way to get this done is therefore to mark up every single place where a string derived directly from data sent by the client is passed to the logging subsystem. This feels like it might not be worth the hassle of _finding_ all those places, or the ongoing maintenance burden of making sure new log messages are also properly marked up. It also ought to be done by someone experienced with how the openssh team likes to do things, i.e. not me.
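One way the per-call-site markup described in the comment could look, as an added example (not OpenSSH code and not part of the bug report): `log_untrusted()` and `format_auth_line()` are hypothetical names, and the arguments in `main` are constructed sample values. It goes a little beyond the empty-string case by also quoting values that contain whitespace, quotes or non-printable bytes, which make a log line ambiguous in the same way.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical marker (not an OpenSSH function) for client-supplied strings:
 * bare if unambiguous, else double-quoted with escapes. Needs len >= 8. */
static const char *
log_untrusted(const char *s, char *buf, size_t len)
{
	const unsigned char *p = (const unsigned char *)(s != NULL ? s : ""), *q;
	size_t o = 0;
	int quote = (*p == '\0');	/* the empty string must stay visible */

	for (q = p; *q != '\0' && !quote; q++)
		quote = !isgraph(*q) || *q == '"' || *q == '\\';
	if (quote)
		buf[o++] = '"';
	for (q = p; *q != '\0' && o + 6 < len; q++) {
		if (*q == '"' || *q == '\\')
			o += (size_t)snprintf(buf + o, len - o, "\\%c", *q);
		else if (isprint(*q))
			buf[o++] = (char)*q;
		else
			o += (size_t)snprintf(buf + o, len - o, "\\x%02x", (unsigned)*q);
	}
	snprintf(buf + o, len - o, "%s", quote ? "\"" : "");
	return buf;
}

/* Same format string as the call quoted above; only the user is marked up. */
static int
format_auth_line(char *out, size_t outlen, const char *authmsg,
    const char *method, const char *submethod, int valid, const char *user,
    const char *ipaddr, int port, const char *extra)
{
	char ubuf[128];
	return snprintf(out, outlen,
	    "%s %s%s%s for %s%.100s from %.200s port %d ssh2%s%s",
	    authmsg, method, submethod != NULL ? "/" : "",
	    submethod == NULL ? "" : submethod, valid ? "" : "invalid user ",
	    log_untrusted(user, ubuf, sizeof(ubuf)), ipaddr, port,
	    extra != NULL ? ": " : "", extra != NULL ? extra : "");
}

int main(void) {
	char line[512];	/* arguments below are constructed sample values */
	format_auth_line(line, sizeof(line), "Failed", "password", NULL, 0, "",
	    "192.0.2.10", 50022, NULL);
	return puts(line) == EOF;
}
```

The submethod and extra placeholders still print nothing when empty, so only the call sites that pass client data need the wrapper.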
