https://bugzilla.mindrot.org/show_bug.cgi?id=2058
Darren Tucker <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #4 from Darren Tucker <[email protected]> --- RFC4252 says banner support is a SHOULD, and filtering control characters is also a SHOULD: If the 'message' string is displayed, control character filtering, discussed in [SSH-ARCH], SHOULD be used to avoid attacks by sending terminal control characters. The text it refers to in RFC4251 is: 9.2. Control Character Filtering When displaying text to a user, such as error or debug messages, the client software SHOULD replace any control characters (except tab, carriage return, and newline) with safe sequences to avoid attacks by sending terminal control characters. so the current behaviour is compliant. Whether or not is possible to safely display utf8 is a separate question. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
