| From e17ff7ab5115b80f0d2bd4989cd31889bd54fbb1 Mon Sep 17 00:00:00 2001 |
| From: Lennart Poettering <lennart@poettering.net> |
| Date: Wed, 9 Jul 2014 19:20:58 +0200 |
| Subject: [PATCH] sysusers: don't allow user names longer than UT_NAMESIZE |
| MIME-Version: 1.0 |
| Content-Type: text/plain; charset=UTF-8 |
| Content-Transfer-Encoding: 8bit |
| |
| As pointed out by Miloslav Trmač it might be a good idea to make sure |
| that usernames stay with in the utmp-defined limits. |
| |
| (cherry picked from commit 932ad62b84165b0acf690ea34c4b8083657ae244) |
| |
| man/sysusers.d.xml | 2 +- |
| src/sysusers/sysusers.c | 4 ++++ |
| 2 files changed, 5 insertions(+), 1 deletion(-) |
| |
| diff --git a/man/sysusers.d.xml b/man/sysusers.d.xml |
| index 549b3f6351..40f8715bc0 100644 |
| |
| |
| @@ -142,7 +142,7 @@ m authd input</programlisting> |
| <title>Name</title> |
| |
| <para>The name field specifies the user or |
| - group name. It should be be shorter than 256 |
| + group name. It should be be shorter than 31 |
| characters and avoid any non-ASCII characters, |
| and not begin with a numeric character. It is |
| strongly recommended to pick user and group |
| diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c |
| index c0af69300a..f3ba8cf7b3 100644 |
| |
| |
| @@ -24,6 +24,7 @@ |
| #include <grp.h> |
| #include <shadow.h> |
| #include <getopt.h> |
| +#include <utmp.h> |
| |
| #include "util.h" |
| #include "hashmap.h" |
| @@ -1095,6 +1096,9 @@ static bool valid_user_group_name(const char *u) { |
| if ((size_t) (i-u) > (size_t) sz) |
| return false; |
| |
| + if ((size_t) (i-u) > UT_NAMESIZE - 1) |
| + return false; |
| + |
| return true; |
| } |
| |