[PATCH RESEND] check user and group names for illegal chars in adduser and addgroup
Mike Frysinger
vapier at gentoo.org
Wed Mar 19 08:35:50 PDT 2008
On Tuesday 18 March 2008, Tito wrote:
> this patch adds the new function xcheck_name()
as long as this is optional, it sounds great
> void xcheck_name(const char *name)
> {
> int i = 0;
>
> do {
> if (!isalnum(*name)
> && !(*name == '_')
> && !(*name == '.')
> && !(*name == '@')
> && !(*name == '-' && i)
> && !(*name == '$' && !*(name + 1))
> )
i'd combine the inversion so it'll be easier to understand. so like:
if (!( ....... ))
the list of valid characters also doesnt match the common shadow package. the
regex to validate against is:
[a-z_][a-z0-9_-.]*[$]
-mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: This is a digitally signed message part.
Url : http://busybox.net/lists/busybox/attachments/20080319/ba4e6a34/attachment.pgp
More information about the busybox
mailing list