676599b36a
This prevents injection of ':' and '\n' into output functions which use the NSS files database syntax. Critical fields (user/group names and file system paths) are checked strictly. For backwards compatibility, the GECOS field is rewritten instead. The getent program is adjusted to use the put*ent functions in libc, instead of local copies. This changes the behavior of getent if user names start with '-' or '+'.
36 lines
1.2 KiB
C
36 lines
1.2 KiB
C
/* Copyright (C) 2015 Free Software Foundation, Inc.
|
|
This file is part of the GNU C Library.
|
|
|
|
The GNU C Library is free software; you can redistribute it and/or
|
|
modify it under the terms of the GNU Lesser General Public
|
|
License as published by the Free Software Foundation; either
|
|
version 2.1 of the License, or (at your option) any later version.
|
|
|
|
The GNU C Library is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Lesser General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Lesser General Public
|
|
License along with the GNU C Library; if not, see
|
|
<http://www.gnu.org/licenses/>. */
|
|
|
|
#include <nss.h>
|
|
#include <stdbool.h>
|
|
#include <string.h>
|
|
|
|
static const char invalid_characters[] = NSS_INVALID_FIELD_CHARACTERS ",";
|
|
|
|
/* Check that all list members match the field syntax requirements and
|
|
do not contain the character ','. */
|
|
_Bool
|
|
__nss_valid_list_field (char **list)
|
|
{
|
|
if (list == NULL)
|
|
return true;
|
|
for (; *list != NULL; ++list)
|
|
if (strpbrk (*list, invalid_characters) != NULL)
|
|
return false;
|
|
return true;
|
|
}
|