From e0d8009d76b3a2451cb6c6ed2b241c7eff06ed60 Mon Sep 17 00:00:00 2001 From: Rob Landley Date: Fri, 26 Sep 2014 18:49:44 -0500 Subject: The only illegal characters in a username are ":" (field separator), "\n" (line separator), and "/" (filename separator). Restricting usernames to the legacy posix character allowed set (for filenames, so the $HOME directory is creatable on VFAT and similar) means you can't have UTF-8 usernames. Linux allows any character but / and NUL in filenames. Since root is creating these entries, we assume root knows what it's doing. --- toys/pending/useradd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'toys/pending/useradd.c') diff --git a/toys/pending/useradd.c b/toys/pending/useradd.c index 9f1fa4c5..4f2bcc61 100644 --- a/toys/pending/useradd.c +++ b/toys/pending/useradd.c @@ -54,8 +54,8 @@ void useradd_main(void) } // Sanity check user to add - if (strchr(s, ':') || strchr(s, '/') || strlen(s) > LOGIN_NAME_MAX) - error_exit("bad name"); + if (s[strcspn(s, ":/\n")] || strlen(s) > LOGIN_NAME_MAX) + error_exit("bad username"); // race condition: two adds at same time? if (getpwnam(s)) error_exit("'%s' in use", s); -- cgit v1.2.3