enforce maxlength in usernames (was: [PATCH] enforce maxlenght in usernames)

Matthias Andree mandree at FreeBSD.org
Wed Jul 27 20:33:09 UTC 2011


Am 27.07.2011 21:56, schrieb Tito:

> Saying that it does not belong there is not enough, please tell me also
> where it should be. Looked like a good place to me. In the same 
> function we check for illegal chars in usernames. You should also take
> into account that busybox does not support conf files for the adduser
> applet. Eventually the value could be made a config option (so that it could be
> changed) but it looks like bloat to me. Another way could be to add a define
> to libbb.h
> 
> #define MAX_USERNAME_LENGTH 32

Alright, IEEE Std. 1003.1-2008 aka Single UNIX™ Specification v4 aka The
Open Group Base Specifications Issue 7, already has corresponding
definitions.

It's available for online reading free of charge after registration at
http://pubs.opengroup.org/onlinepubs/9699919799/

Basically this standard has headers define LOGIN_NAME_MAX and
_POSIX_LOGIN_NAME_MAX, in <limits.h> and <unistd.h>, respectively.
These could be used, instead of inventing [y]our own.  Be sure to read
up on getlogin(), unistd.h, limits.h, sysconf thereabouts in the
standards before implementing; the latter _POSIX_ variant is the minimum
acceptable length for LOGIN_NAME, including the \0 byte, and currently 9.

Inconsistencies will cause arbitrary malfunction, non-portability,
maintenance headaches and possibly even in-system incompatibilities.
Non-NUL terminated C strings are the least of your worries in that case.


More information about the busybox mailing list