Roland,

Thanks for the review, and what you are saying makes sense if I was 
purely checking
for characters vs bytes.. but.... according to passwd(4), the login name 
should
be <= 8 bytes, not characters.. so in this case strlen should be suffice 
nicely.

Matt


Roland Mainz wrote:
> Matt Keenan wrote:
>   
>> Roland Mainz wrote:
>>     
>>> Note that the limit should really count in _characters_ and not _bytes_
>>> (to allow things like "Schr?der" as login-name (which usually works in
>>> matching multibyte locales like en_US.UTF-8 except for a few utilities))
>>> ; the current upper limit is 32 _bytes_.
>>>       
>> I just do a simply strlen(), which counts characters AFAIK ?
>>     
>
> |strlen()| counts |char| which are (on most modern platforms) just
> _bytes_. Multibyte characters are variable width and may consume more
> than one byte.
>
> AFAIK you want something like:
> -- snip --
> int len = mbstowcs(NULL, s, SSIZE_MAX);
> -- snip --
> ... and check for either ">= 8" (characters) or "== (size_t)-1"
> (mbstowcs error).
>
> Unfortunately many places within OS/Net do the same mistake... but I'm
> so fed-up wit this thing that I added an item to get this fixed in my
> ToDo list and now go actively after all applications which don't work
> with non-ASCII login names (most applications will work out-of-the-box
> and those who don't work usuauly only need their boundary checking to be
> improved in a similar way as the suggestion above...).
>
> ----
>
> Bye,
> Roland
>
>   


Reply via email to