emo/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

adduser/addgroup: check username for invalid chars

Browse Source 
(by Tito <farmatito AT tiscali.it>). +129 bytes when enabled.
This commit is contained in:
Denis Vlasenko 2008-03-19 23:15:26 +00:00
parent cf7cf62204
commit a7d6c8bab9
5 changed files with 22 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
include/libbb.h
View File

@ -637,7 +637,11 @@ const char* get_cached_groupname(gid_t gid);
void clear_username_cache(void); void clear_username_cache(void);
/* internally usernames are saved in fixed-sized char[] buffers */ /* internally usernames are saved in fixed-sized char[] buffers */
enum { USERNAME_MAX_SIZE = 16 - sizeof(int) }; enum { USERNAME_MAX_SIZE = 16 - sizeof(int) };
#if ENABLE_FEATURE_CHECK_NAMES
void die_if_bad_username(const char* name);
#else
#define die_if_bad_username(name) ((void)(name))
#endif
int execable_file(const char *name); int execable_file(const char *name);
char *find_execable(const char *filename); char *find_execable(const char *filename);

1
libbb/Kbuild
View File

@ -122,6 +122,7 @@ lib-$(CONFIG_MKFS_MINIX) += find_mount_point.o
lib-$(CONFIG_SELINUX) += selinux_common.o lib-$(CONFIG_SELINUX) += selinux_common.o
lib-$(CONFIG_HWCLOCK) += rtc.o lib-$(CONFIG_HWCLOCK) += rtc.o
lib-$(CONFIG_RTCWAKE) += rtc.o lib-$(CONFIG_RTCWAKE) += rtc.o
lib-$(CONFIG_FEATURE_CHECK_NAMES) += die_if_bad_username.o
# We shouldn't build xregcomp.c if we don't need it - this ensures we don't # We shouldn't build xregcomp.c if we don't need it - this ensures we don't
# require regex.h to be in the include dir even if we don't need it thereby # require regex.h to be in the include dir even if we don't need it thereby

12
loginutils/Config.in
View File

@ -82,6 +82,18 @@ config FEATURE_DEL_USER_FROM_GROUP
If called with two non-option arguments, deluser If called with two non-option arguments, deluser
or delgroup will remove an user from a specified group. or delgroup will remove an user from a specified group.
config FEATURE_CHECK_NAMES
bool "Enable sanity check on user/group names in adduser and addgroup"
default n
depends on ADDUSER || ADDGROUP
help
Enable sanity check on user and group names in adduser and addgroup.
To avoid problems, the user or group name should consist only of
letters, digits, underscores, periods, at signs and dashes,
and not start with a dash (as defined by IEEE Std 1003.1-2001).
For compatibility with Samba machine accounts "$" is also supported
at the end of the user or group name.
config ADDUSER config ADDUSER
bool "adduser" bool "adduser"
default n default n

3
loginutils/addgroup.c
View File

@ -173,8 +173,11 @@ int addgroup_main(int argc ATTRIBUTE_UNUSED, char **argv)
#endif #endif
} else } else
#endif /* ENABLE_FEATURE_ADDUSER_TO_GROUP */ #endif /* ENABLE_FEATURE_ADDUSER_TO_GROUP */
{
die_if_bad_username(argv[0]);
new_group(argv[0], gid); new_group(argv[0], gid);
}
/* Reached only on success */ /* Reached only on success */
return EXIT_SUCCESS; return EXIT_SUCCESS;
} }

1
loginutils/adduser.c
View File

@ -111,6 +111,7 @@ int adduser_main(int argc ATTRIBUTE_UNUSED, char **argv)
/* fill in the passwd struct */ /* fill in the passwd struct */
pw.pw_name = argv[0]; pw.pw_name = argv[0];
die_if_bad_username(pw.pw_name);
if (!pw.pw_dir) { if (!pw.pw_dir) {
/* create string for $HOME if not specified already */ /* create string for $HOME if not specified already */
pw.pw_dir = xasprintf("/home/%s", argv[0]); pw.pw_dir = xasprintf("/home/%s", argv[0]);