aboutsummaryrefslogtreecommitdiff
path: root/libbb
diff options
context:
space:
mode:
Diffstat (limited to 'libbb')
-rw-r--r--libbb/die_if_bad_username.c12
1 files changed, 8 insertions, 4 deletions
diff --git a/libbb/die_if_bad_username.c b/libbb/die_if_bad_username.c
index c1641d376..8b4deec29 100644
--- a/libbb/die_if_bad_username.c
+++ b/libbb/die_if_bad_username.c
@@ -18,16 +18,20 @@
void FAST_FUNC die_if_bad_username(const char *name)
{
- goto skip; /* 1st char being dash isn't valid */
+ /* 1st char being dash or dot isn't valid: */
+ goto skip;
+ /* For example, name like ".." can make adduser
+ * chown "/home/.." recursively - NOT GOOD
+ */
+
do {
- if (*name == '-')
+ if (*name == '-' || *name == '.')
continue;
skip:
if (isalnum(*name)
|| *name == '_'
- || *name == '.'
|| *name == '@'
- || (*name == '$' && !*(name + 1))
+ || (*name == '$' && !name[1])
) {
continue;
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-27 08:13:46 +0000