jimzah/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src.git synced 2024-11-28 19:52:44 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Verify that the username length is smaller than MAXLOGNAME when

Browse Source 
asked to verify a passwd file (pwd_mkdb -C).

Entries with oversized usernames are still permitted when building
the passwd database.

When entries are >= MAXLOGNAME in length, they are correctly stored
in passwd, pwd.db and spwd.db but are only correctly retrieved by
getpwent*() and getpwuid*().  getpwnam*() truncates to MAXLOGNAME - 1
when reading from a file (breaking at least sh, tcsh and bash)
and utilities such as su(1) check, complain and fail if the
passed name is >= MAXLOGNAME in length.

MFC after:	3 weeks
This commit is contained in:
Brian Somers 2009-05-20 08:32:25 +00:00
parent 866772cfa7
commit 15344a5690
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=192432
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
usr.sbin/pwd_mkdb/pwd_mkdb.c
View File

@ -204,7 +204,11 @@ main(int argc, char *argv[])
/* check only if password database is valid */
if (Cflag) {
for (cnt = 1; scan(fp, &pwd); ++cnt);
while (scan(fp, &pwd))
if (!is_comment && strlen(pwd.pw_name) >= MAXLOGNAME) {
warnx("%s: username too long", pwd.pw_name);
exit(1);
}
exit(0);
}