Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 174352 - finger munges UTF-8 GECOS information
finger munges UTF-8 GECOS information
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: finger (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Radek Vokal
Mike McLean
Depends On:
Blocks: 187538
  Show dependency treegraph
Reported: 2005-11-28 07:08 EST by Bastien Nocera
Modified: 2014-09-04 07:01 EDT (History)
2 users (show)

See Also:
Fixed In Version: RHBA-2006-0342
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 490443 (view as bug list)
Last Closed: 2006-05-17 15:34:32 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
finger-munge-utf8-gecos.patch (505 bytes, patch)
2005-11-28 07:08 EST, Bastien Nocera
no flags Details | Diff
finger-i18n.sh (519 bytes, text/plain)
2005-11-28 07:09 EST, Bastien Nocera
no flags Details
bsd-finger-wide-char-support.patch (2.57 KB, patch)
2005-12-12 07:12 EST, Bastien Nocera
no flags Details | Diff
bsd-finger-wide-char-support2.patch (2.72 KB, patch)
2005-12-12 07:57 EST, Bastien Nocera
no flags Details | Diff
bsd-finger-wide-char-support3.patch (2.84 KB, patch)
2005-12-12 08:44 EST, Bastien Nocera
no flags Details | Diff
bsd-finger-wide-char-support4.patch (4.02 KB, patch)
2005-12-13 10:38 EST, Bastien Nocera
no flags Details | Diff
use fprintf for whole UTF8 line (3.73 KB, patch)
2005-12-15 04:09 EST, Radek Vokal
no flags Details | Diff
bsd-finger-wide-char-support6.patch (3.75 KB, patch)
2005-12-15 09:21 EST, Radek Vokal
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2006:0342 normal SHIPPED_LIVE finger bug fix update 2006-05-17 00:00:00 EDT

  None (edit)
Description Bastien Nocera 2005-11-28 07:08:20 EST

When a UTF-8 real username is created, fingering that user will print out
garbage in place of the username, as finger implements "fputs()" using fputc,
which doesn't understand wide characters.

Patch and testcase attached below.
Comment 1 Bastien Nocera 2005-11-28 07:08:21 EST
Created attachment 121538 [details]
Comment 2 Bastien Nocera 2005-11-28 07:09:18 EST
Created attachment 121539 [details]
Comment 3 Radek Vokal 2005-11-28 08:09:34 EST
Thanks, patched applied on rawhide
Comment 6 Bastien Nocera 2005-12-07 03:43:25 EST
Radek, this patch doesn't take into account:
- 7-bit terminals
- the send_crs option
- stripping non-printable characters

I will fix those up, and upload a corrected patch soon.
Comment 7 Radek Vokal 2005-12-08 05:58:02 EST
Great, how about using Octalify makro from file to make nonprintable characters
Comment 8 Bastien Nocera 2005-12-08 13:13:44 EST
Yep, would still need to take into account the 2 other ones. But doing a putc on
each character is definitely a mistake.
I'll check it out tomorrow, if I have some spare time.
Comment 9 Bastien Nocera 2005-12-12 07:12:06 EST
Created attachment 122127 [details]

A patch that does all that (hopefully). No autotool-fu, there's no configure.in
or .ac in the tarball...
Comment 10 Radek Vokal 2005-12-12 07:48:05 EST
I'm not sure it works now :) At least your own test script gives me broken output 

root@garfield finger# ./finger test-i18n
Login: test-i18n                        Name:

Comment 11 Bastien Nocera 2005-12-12 07:49:58 EST
Well, you will need to have all this defined for it to work:
+#if defined(HAVE_WCHAR_H) && defined(HAVE_MBRTOWC) && defined(HAVE_WCWIDTH)

As there's no configure-fu, hard-coding it at the top of display.c might be a
short-term work-around.
Comment 12 Bastien Nocera 2005-12-12 07:52:52 EST
And it's quite broken still :)
Comment 13 Bastien Nocera 2005-12-12 07:57:17 EST
Created attachment 122128 [details]
Comment 14 Radek Vokal 2005-12-12 08:04:27 EST
Ehm, again, here's my output

# ./finger test-i18n
Login: test-i18n                        Name:
finger: display.c:226: fxputs: Assertion `bytesconsumed != (size_t)(-1) &&
bytesconsumed != (size_t)(-2)' failed.
Directory: /home/test-i18n          Aborted

and reading your comment in the patch :)
/* This isn't supposed to happen as we verified the string before hand */

Comment 15 Bastien Nocera 2005-12-12 08:19:11 EST
Yeah, I'm currently testing with hard-coded defines. Don't understand why it
doesn't parse the username as a valid multi-byte string...
Comment 16 Bastien Nocera 2005-12-12 08:44:11 EST
Created attachment 122135 [details]

This *should* work, but for some reason, it doesn't parse the string properly,
and think it's not a valid multi-byte string. I have no idea why it doesn't
Can you find my stupid typo somewhere there?
Comment 17 Radek Vokal 2005-12-13 03:09:11 EST
Ok, I'll try to find it out today. From the first glance, I don't think that
verifymultibate function is correct. Debugger shows that it returns 1 at a very
first multibyte character it hits. Closely mbrtowc returns -1 when for ¥. 
Comment 18 Bastien Nocera 2005-12-13 04:27:06 EST
yeah, which is why I think there's a typo somewhere there...
Comment 19 Radek Vokal 2005-12-13 04:44:54 EST
Hmm, I thought this will correctly test whole line as multibyte string but it
also fails when a single multibyte character appears in the line :( So is there
sth wrong with the input buffer?

static int verifymultibyte(const char *buf) {
	mbstate_t state;
	wchar_t *wbuf;
	size_t bytesconsumed;
	(void)memset(&state, 0, sizeof(mbstate_t));
	int n = strlen(buf);
	(void)wmemset(wbuf, 0, 2*n);
	int x;
	if ((x = mbsrtowcs(wbuf, &buf,n,&state)) > 0) {
	    printf("Success (length=%x)\n",x);
	    return 1;
	} else {
	    return 0;
Comment 20 Radek Vokal 2005-12-13 06:19:47 EST
Created attachment 122173 [details]
4th revision of widechar patch

Ok, this works for me. Needs some more clean-up but it should be fine ...
Comment 22 Bastien Nocera 2005-12-13 10:38:08 EST
Created attachment 122181 [details]

And a patch that actually works. Only difference with my -3 patch is the call
to setlocale(). Thanks Jakub for pointing that out.
Comment 23 Radek Vokal 2005-12-14 04:48:45 EST
Yep, works good now. Applied on rawhide.
Comment 25 Radek Vokal 2005-12-15 04:09:36 EST
Created attachment 122267 [details]
use fprintf for whole UTF8 line

Here's another patch. The change is, that converted line is printed as a whole
and not only char by char. Should be really fine now.
Comment 31 Bastien Nocera 2005-12-15 05:27:26 EST
Radek, the updated patch doesn't take into account the send_crs option, or strip
non-printable characters if the string is a proper multi-byte one.
Comment 32 Radek Vokal 2005-12-15 05:30:29 EST
Those should be converted by OCTALIFY, aren't they?
Comment 33 Bastien Nocera 2005-12-15 05:34:59 EST
+			} else if (bytesconsumed == 1) {
+				op++;
+			} else {
This should be special casing stuff like \n

+				char *tmp;
+				tmp = buffer;
+				buffer[bytesconsumed] = '\0';
+				while (bytesconsumed-- > 0) {
+					OCTALIFY(tmp, op);
+				}

tmp (ie. buffer) is used to store the OCTALIFY output, but isn't used afterwards.
Comment 34 Radek Vokal 2005-12-15 07:32:10 EST
IHMO \n will be processed by the if above, cos it will have only one byte. Maybe
this if should have also isprint test for one byte characters. 

   } else if (bytesconsumed == 1 && isprint(op[0])) {

and the rest will be skipped or converted. 
Comment 35 Radek Vokal 2005-12-15 08:14:46 EST
of course 'isprint(op[eop-op])'
Comment 36 Radek Vokal 2005-12-15 08:47:13 EST
ok, I got bit lost in this UTF-8 thing. Why do we want to strip \n and others?
If I look at the original output, it contains newline characters .. is this
wrong? I would like to see some clear example of some breakage it can cause. 

Also what does this sentence mean - "... or strip non-printable characters if
the string is a proper multi-byte one" - don't see where I lost these ones. 

The above comment is wrong, op is already shifted. 
Comment 37 Radek Vokal 2005-12-15 09:21:47 EST
Created attachment 122281 [details]

this patch respects send_crs options. Still remains the problem with some
non-printable characters.
Comment 44 Red Hat Bugzilla 2006-05-17 15:34:32 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.