Timestamp:
Jan 1, 2014, 12:47:38 AM (7 years ago)
Author:
Bruno Cornec
Message:
  • Update mindi-busybox to 1.21.1
File:
1 edited

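--- a/branches/3.2/mindi-busybox/libbb/die_if_bad_username.c
+++ b/branches/3.2/mindi-busybox/libbb/die_if_bad_username.c
@@ -19,22 +19,44 @@
 void FAST_FUNC die_if_bad_username(const char *name)
 {
-    /* 1st char being dash or dot isn't valid: */
+    const char *start = name;
+
+    /* 1st char being dash or dot isn't valid:
+     * for example, name like ".." can make adduser
+     * chown "/home/.." recursively - NOT GOOD.
+     * Name of just a single "$" is also rejected.
+     */
     goto skip;
-    /* For example, name like ".." can make adduser
-     * chown "/home/.." recursively - NOT GOOD
-     */
 
     do {
-        if (*name == '-' || *name == '.')
-            continue;
- skip:
-        if (isalnum(*name)
-         || *name == '_'
-         || *name == '@'
+        unsigned char ch;
+
+        /* These chars are valid unless they are at the 1st pos: */
+        if (*name == '-'
+         || *name == '.'
+        /* $ is allowed if it's the last char: */
          || (*name == '$' && !name[1])
         ) {
             continue;
         }
-        bb_error_msg_and_die("illegal character '%c'", *name);
+ skip:
+        ch = *name;
+        if (ch == '_'
+        /* || ch == '@' -- we disallow this too. Think about "user@host" */
+        /* open-coded isalnum: */
+         || (ch >= '0' && ch <= '9')
+         || ((ch|0x20) >= 'a' && (ch|0x20) <= 'z')
+        ) {
+            continue;
+        }
+        bb_error_msg_and_die("illegal character with code %u at position %u",
+                (unsigned)ch, (unsigned)(name - start));
     } while (*++name);
+
+    /* The minimum size of the login name is one char or two if
+     * last char is the '$'. Violations of this are caught above.
+     * The maximum size of the login name is LOGIN_NAME_MAX
+     * including the terminating null byte.
+     */
+    if (name - start >= LOGIN_NAME_MAX)
+        bb_error_msg_and_die("name is too long");
 }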
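Review bot: A name made only of digits still passes validation, because the first-character path at `skip:` accepts `(ch >= '0' && ch <= '9')` just like every later position, so "0" or "1000" is a legal login name here. Anything downstream that treats a numeric string as a UID could then confuse that account with a different user; whether adduser's callers are exposed to that is not visible from this hunk. If it matters, reject it after the loop, e.g. `if (!start[strspn(start, "0123456789")]) bb_error_msg_and_die("name is all digits");`. Separately, the empty string is rejected only as "illegal character with code 0 at position 0", so a short comment at `goto skip;` noting that the empty name is caught by that path would make the intent explicit.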