Changeset 3232 in MondoRescue for branches/3.2/mindi-busybox/libbb/die_if_bad_username.c
- Timestamp:
- Jan 1, 2014, 12:47:38 AM (10 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/3.2/mindi-busybox/libbb/die_if_bad_username.c
r2725 r3232 19 19 void FAST_FUNC die_if_bad_username(const char *name) 20 20 { 21 /* 1st char being dash or dot isn't valid: */ 21 const char *start = name; 22 23 /* 1st char being dash or dot isn't valid: 24 * for example, name like ".." can make adduser 25 * chown "/home/.." recursively - NOT GOOD. 26 * Name of just a single "$" is also rejected. 27 */ 22 28 goto skip; 23 /* For example, name like ".." can make adduser24 * chown "/home/.." recursively - NOT GOOD25 */26 29 27 30 do { 28 if (*name == '-' || *name == '.')29 continue; 30 skip: 31 if ( isalnum(*name)32 || *name == ' _'33 || *name == '@'31 unsigned char ch; 32 33 /* These chars are valid unless they are at the 1st pos: */ 34 if (*name == '-' 35 || *name == '.' 36 /* $ is allowed if it's the last char: */ 34 37 || (*name == '$' && !name[1]) 35 38 ) { 36 39 continue; 37 40 } 38 bb_error_msg_and_die("illegal character '%c'", *name); 41 skip: 42 ch = *name; 43 if (ch == '_' 44 /* || ch == '@' -- we disallow this too. Think about "user@host" */ 45 /* open-coded isalnum: */ 46 || (ch >= '0' && ch <= '9') 47 || ((ch|0x20) >= 'a' && (ch|0x20) <= 'z') 48 ) { 49 continue; 50 } 51 bb_error_msg_and_die("illegal character with code %u at position %u", 52 (unsigned)ch, (unsigned)(name - start)); 39 53 } while (*++name); 54 55 /* The minimum size of the login name is one char or two if 56 * last char is the '$'. Violations of this are caught above. 57 * The maximum size of the login name is LOGIN_NAME_MAX 58 * including the terminating null byte. 59 */ 60 if (name - start >= LOGIN_NAME_MAX) 61 bb_error_msg_and_die("name is too long"); 40 62 }
Note:
See TracChangeset
for help on using the changeset viewer.