[prev in list] [next in list] [prev in thread] [next in thread]
List: busybox
Subject: Re: enforce maxlength in usernames (was: [PATCH] enforce maxlenght in
From: Tito <farmatito () tiscali ! it>
Date: 2011-07-28 12:12:17
Message-ID: 201107281412.17546.farmatito () tiscali ! it
[Download RAW message or body]
On Thursday 28 July 2011 07:33:10 Lauri Kasanen wrote:
> > Hi,
> > Could this be more acceptable. Could be improved by removing
> > the double strlen also the error message could be better.
> > Just to see if I overlooked something obvious.
> >
> > Ciao,
> > Tito
> >
> > void FAST_FUNC die_if_bad_username(const char *name)
> > {
> > /* Enforce length limits on usernames.
> > * LOGIN_NAME_MAX: Maximum length of a login name,
> > * including the terminating null byte.
> > * Must not be less than _POSIX_LOGIN_NAME_MAX (9).
> > */
> > if (!name
> > || strlen(name) + 1 > sysconf(_SC_LOGIN_NAME_MAX)
> > || strlen(name) + 1 < _POSIX_LOGIN_NAME_MAX
>
> That is no minimum, it's a minimum of the maximum. Consider names like
> "root", "lp".
>
> - Lauri
>
>
OK, I see. One more try. Eventually we could substitute LOGIN_NAME_MAX
with 64 as suggested or with 32 as in man useradd. Hints
for a better error message are welcome.
Ciao,
Tito
void FAST_FUNC die_if_bad_username(const char *name)
{
/* Enforce length limits on usernames.
* LOGIN_NAME_MAX: Maximum length of a login name,
* including the terminating null byte.
* Must not be less than _POSIX_LOGIN_NAME_MAX (9).
*/
if (!name /* Not NULL */
|| !*name /* at least one char */
/* maximum: LOGIN_NAME_MAX or _POSIX_LOGIN_NAME_MAX if bigger */
|| strlen(name) + 1 > MAX(sysconf(_SC_LOGIN_NAME_MAX), _POSIX_LOGIN_NAME_MAX)
)
bb_error_msg_and_die("illegal name length");
/* 1st char being dash or dot isn't valid: */
goto skip;
/* For example, name like ".." can make adduser
* chown "/home/.." recursively - NOT GOOD
*/
do {
if (*name == '-' || *name == '.')
continue;
skip:
if (isalnum(*name)
|| *name == '_'
|| *name == '@'
|| (*name == '$' && !name[1])
) {
continue;
}
bb_error_msg_and_die("illegal character '%c'", *name);
} while (*++name);
}
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic