enforce maxlength in usernames (was: [PATCH] enforce maxlenght in usernames)

Tito farmatito at tiscali.it
Thu Jul 28 12:12:17 UTC 2011


On Thursday 28 July 2011 07:33:10 Lauri Kasanen wrote:
> > Hi,
> > Could this be more acceptable? It could be improved by removing
> > the double strlen; also the error message could be better.
> > Just to see if I overlooked something obvious.
> > 
> > Ciao,
> > Tito
> > 
> > void FAST_FUNC die_if_bad_username(const char *name)
> > {
> > 	/* Enforce length limits on usernames. 
> > 	 * LOGIN_NAME_MAX: Maximum length of a login name,
> > 	 * including the terminating null byte.
> > 	 * Must not be less than _POSIX_LOGIN_NAME_MAX (9).
> > 	 */
> > 	if (!name 
> > 	 || strlen(name) + 1 > sysconf(_SC_LOGIN_NAME_MAX)
> > 	 || strlen(name) + 1 < _POSIX_LOGIN_NAME_MAX
> 
> That is no minimum, it's a minimum of the maximum. Consider names like
> "root", "lp".
> 
> - Lauri
> 
> 

OK, I see. One more try. Eventually we could substitute LOGIN_NAME_MAX
with 64 as suggested or with 32 as in man useradd. Hints
for a better error message are welcome.

Ciao,
Tito

void FAST_FUNC die_if_bad_username(const char *name)
{
	/* Enforce length limits on usernames. 
	 * LOGIN_NAME_MAX: Maximum length of a login name,
	 * including the terminating null byte.
	 * Must not be less than _POSIX_LOGIN_NAME_MAX (9).
	 */
	if (!name  /* Not NULL */
	 || !*name /* at least one char */
	 /* maximum: LOGIN_NAME_MAX or _POSIX_LOGIN_NAME_MAX if bigger */
	 || strlen(name) + 1 > MAX(sysconf(_SC_LOGIN_NAME_MAX), _POSIX_LOGIN_NAME_MAX)
	)
		bb_error_msg_and_die("illegal name length");
	/* 1st char being dash or dot isn't valid: */
	goto skip;
	/* For example, name like ".." can make adduser
	 * chown "/home/.." recursively - NOT GOOD
	 */

	do {
		if (*name == '-' || *name == '.')
			continue;
 skip:
		if (isalnum(*name)
		 || *name == '_'
		 || *name == '@'
		 || (*name == '$' && !name[1])
		) {
			continue;
		}
		bb_error_msg_and_die("illegal character '%c'", *name);
	} while (*++name);
}
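
Added example, not part of the original post or of BusyBox: a stand-alone, non-fatal variant of the check above that takes the sysconf() result as a parameter, so the indeterminate case (sysconf() returning -1) and the short names raised in the review ("root", "lp") can be exercised directly. The names check_username, name_limit and enum name_status are hypothetical.

```c
#include <ctype.h>
#include <limits.h>
#include <string.h>
#include <unistd.h>

#ifndef _POSIX_LOGIN_NAME_MAX
#define _POSIX_LOGIN_NAME_MAX 9 /* value stated in the comment above */
#endif

enum name_status { NAME_OK, NAME_BAD_LENGTH, NAME_BAD_CHAR };

/* Largest allowed strlen(name) + 1. sys_max is what
 * sysconf(_SC_LOGIN_NAME_MAX) returned; it is -1 when the limit is
 * indeterminate, so clamp in signed arithmetic before comparing with
 * size_t (a raw -1 would convert to a huge unsigned value and the
 * length check would never fire). */
static size_t name_limit(long sys_max)
{
	return (size_t)(sys_max > _POSIX_LOGIN_NAME_MAX ? sys_max : _POSIX_LOGIN_NAME_MAX);
}

/* Hypothetical non-fatal variant: returns a status instead of dying. */
enum name_status check_username(const char *name, long sys_max)
{
	const char *p;

	if (!name || !*name || strlen(name) + 1 > name_limit(sys_max))
		return NAME_BAD_LENGTH;
	for (p = name; *p; p++) {
		unsigned char c = (unsigned char)*p;
		if (p != name && (c == '-' || c == '.'))
			continue; /* dash and dot are fine, except as 1st char */
		if (isalnum(c) || c == '_' || c == '@' || (c == '$' && !p[1]))
			continue;
		return NAME_BAD_CHAR; /* e.g. "..", which would become /home/.. */
	}
	return NAME_OK;
}

int main(void)
{
	/* Constructed sample name; the live limit comes from sysconf(). */
	return check_username("root", sysconf(_SC_LOGIN_NAME_MAX)) == NAME_OK ? 0 : 1;
}
```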

