die_if_bad_username: tighten up a bit
function old new delta die_if_bad_username 77 97 +20 Based on patches from Tito. The changes are: better comments we disallow '@' now - in practice such usernames will be unusable use of the portable filename character set plus '$' don't use isalnum as it allows non-ASCII letters in legacy 8-bit locales (pointed out by Rich Felker) enforce maximum length of LOGIN_NAME_MAX (including NUL) don't allow '$', '.', and '-' as first char don't print the illegal char in error message as if it is a wide char it will be unreadable print the position of the illegal character Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
parent
6e42b89b8d
commit
7485086f1e
@ -18,23 +18,45 @@
|
|||||||
|
|
||||||
void FAST_FUNC die_if_bad_username(const char *name)
|
void FAST_FUNC die_if_bad_username(const char *name)
|
||||||
{
|
{
|
||||||
/* 1st char being dash or dot isn't valid: */
|
const char *start = name;
|
||||||
goto skip;
|
|
||||||
/* For example, name like ".." can make adduser
|
/* 1st char being dash or dot isn't valid:
|
||||||
* chown "/home/.." recursively - NOT GOOD
|
* for example, name like ".." can make adduser
|
||||||
|
* chown "/home/.." recursively - NOT GOOD.
|
||||||
|
* Name of just a single "$" is also rejected.
|
||||||
*/
|
*/
|
||||||
|
goto skip;
|
||||||
|
|
||||||
do {
|
do {
|
||||||
if (*name == '-' || *name == '.')
|
unsigned char ch;
|
||||||
continue;
|
|
||||||
skip:
|
/* These chars are valid unless they are at the 1st pos: */
|
||||||
if (isalnum(*name)
|
if (*name == '-'
|
||||||
|| *name == '_'
|
|| *name == '.'
|
||||||
|| *name == '@'
|
/* $ is allowed if it's the last char: */
|
||||||
|| (*name == '$' && !name[1])
|
|| (*name == '$' && !name[1])
|
||||||
) {
|
) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
bb_error_msg_and_die("illegal character '%c'", *name);
|
skip:
|
||||||
|
ch = *name;
|
||||||
|
if (ch == '_'
|
||||||
|
/* || ch == '@' -- we disallow this too. Think about "user@host" */
|
||||||
|
/* open-coded isalnum: */
|
||||||
|
|| (ch >= '0' && ch <= '9')
|
||||||
|
|| ((ch|0x20) >= 'a' && (ch|0x20) <= 'z')
|
||||||
|
) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
bb_error_msg_and_die("illegal character with code %u at position %u",
|
||||||
|
(unsigned)ch, (unsigned)(name - start));
|
||||||
} while (*++name);
|
} while (*++name);
|
||||||
|
|
||||||
|
/* The minimum size of the login name is one char or two if
|
||||||
|
* last char is the '$'. Violations of this are caught above.
|
||||||
|
* The maximum size of the login name is LOGIN_NAME_MAX
|
||||||
|
* including the terminating null byte.
|
||||||
|
*/
|
||||||
|
if (name - start >= LOGIN_NAME_MAX)
|
||||||
|
bb_error_msg_and_die("name is too long");
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user