Bug 332428 - Password and username are sent as latin1 strings instead of utf8
Summary: Password and username are sent as latin1 strings instead of utf8
Status: REPORTED
Alias: None
Product: kio-extras
Classification: Frameworks and Libraries
Component: FISH (show other bugs)
Version: unspecified
Platform: Debian testing Linux
: NOR normal
Target Milestone: ---
Assignee: Jörg Walter
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-03-22 02:43 UTC by Alexis Murzeau
Modified: 2022-12-05 21:34 UTC (History)
3 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments
Diff of changes to fish.cpp to send utf8 strings to ssh instead of latin1 (3.02 KB, patch)
2014-03-22 02:43 UTC, Alexis Murzeau
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Alexis Murzeau 2014-03-22 02:43:43 UTC
Created attachment 85684 [details]
Diff of changes to fish.cpp to send utf8 strings to ssh instead of latin1

I used fish to access a ssh server using a key with passphrase. I am using characters that have their values different whether the charset is utf8 or latin1 (iso-8859-1).

Test to reproduce the error:
Precondition: remote account password or ssh key passphrase is "ètr"

Test 1:
- Use fish to access a remote server using for example Dolphin
- A dialog prompt for the password (or passphrase of the key)
- Put "ètr" in the password field and confirm
- The password is refused and fish ask again for the password

Test 2:
- Use fish to access a remote server using for example Dolphin
- A dialog prompt for the password (or passphrase of the key)
- Put "ètr" in the password field and confirm
- The password is accepted and fish show files of the remote server

The password is read as unicode UTF16 (using QString), then kio_fish convert it to latin1 and send it to ssh. ssh expect a utf8 string. When puting "ètr" in the password prompt, the "è" character is sent to ssh as byte 0xE8. ssh read 0xE8 and it does not map to the expected character (maybe an invalid character)

When puting "ètr", "è" is sent to ssh as bytes 0xC3 0xA8. ssh read these two bytes as utf8 and these bytes map to "è", it's the expected character, so the received password by ssh is "ètr" which is correct.

The problem here is that fish send latin1 strings where utf8 is expected.

So if I am right about that, please consider the diff fish.cpp.diff (fish.cpp.orig is the original fish.cpp file from commit e2f88ea3 (latest file version there https://projects.kde.org/projects/kde/kde-runtime/repository/revisions/master/changes/kioslave/fish/fish.cpp)

I tested it and it works (tested with a prompt of key's passphrase)
Comment 1 Christoph Feck 2014-03-26 22:01:10 UTC
Thanks for the patch, I am not sure if it should use toLocal8bit() instead. Could you please open a review request at https://git.reviewboard.kde.org/ ?
Comment 2 Alexis Murzeau 2014-03-30 11:19:09 UTC
Indeed, I was using utf8 as the system encoding, but according to https://tools.ietf.org/html/rfc4252#section-5 and https://tools.ietf.org/html/rfc4252#section-8 username and password are always in utf8. But I don't know if ssh does any encoding conversion based on the system encoding.

At least it seems that the passphrase is used as a byte sequence, so it's encoding is the one used when creating the ssh key. So it would be toLocal8Bit() for the passphrase at least.

I just saw that ssh is started with LANG=C LC_ALL=C so maybe ssh expect something else than utf8 for the username and password. But the passphrase is in system encoding no matter the environment variables are

Maybe checking if the buffer that contains ssh output contains "passphrase" and in that case, use toLocal8Bit() ?
Comment 3 Christoph Feck 2014-03-30 21:36:09 UTC
Alexis, I cannot answer your question, since I do not understand the internals. As a member of the bug triaging team, I can only suggest you either start a thread at kde-core-devel mailing list, or a review request. In both cases, KDE developers can discuss the issue and patch better than via this bug tracker.
Comment 4 Christoph Feck 2014-04-21 18:49:05 UTC
Any progress with the review request?
Comment 5 Alexis Murzeau 2014-04-27 12:42:59 UTC
Sorry for late response, I started a thread at kde-core-devel: http://lists.kde.org/?l=kde-core-devel&m=139853883825208&w=2
Thread subject: Fish: ssh key pass-phrase prompt use wrong encoding
Comment 6 Justin Zobel 2022-11-30 05:28:22 UTC
Thank you for reporting this issue in KDE software. As it has been a while since this issue was reported, can we please ask you to see if you can reproduce the issue with a recent software version?

If you can reproduce the issue, please change the status to "REPORTED" when replying. Thank you!
Comment 7 Alexis Murzeau 2022-12-05 21:34:07 UTC
(In reply to Justin Zobel from comment #6)
> Thank you for reporting this issue in KDE software. As it has been a while
> since this issue was reported, can we please ask you to see if you can
> reproduce the issue with a recent software version?
> 
> If you can reproduce the issue, please change the status to "REPORTED" when
> replying. Thank you!

Hi,

I've retested it, but I think the issue is still present as the code still uses toLatin1 for password:
https://github.com/KDE/kio-extras/blob/9ade088f494726651729e1740f05d4bbc48e89b6/fish/fish.cpp#L624

In the meantime I've used passwords without special characters to avoid this issue.