Date: Mon, 16 Apr 2001 21:50:24 -0400 (EDT) From: "Andrew R. Reiter" <arr@watson.org> To: freebsd-audit@freebsd.org Subject: more audit work... chpass (openbsd sync) Message-ID: <Pine.NEB.3.96L.1010416214823.76109A-200000@fledge.watson.org>
index | next in thread | raw e-mail
[-- Attachment #1 --]
hi,
attached is another diff for chpass to disallow non-printables in the
passwd file. this is another obsd sync up.
you can also find the diff at
www.watson.org/~arr/fbsd-audit/usr.bin/chpass/
andrew
*-------------.................................................
| Andrew R. Reiter
| arr@fledge.watson.org
| "It requires a very unusual mind
| to undertake the analysis of the obvious" -- A.N. Whitehead
[-- Attachment #2 --]
--- edit.c.orig Mon Apr 16 17:44:59 2001
+++ edit.c Mon Apr 16 17:48:52 2001
@@ -184,10 +184,10 @@
struct passwd *pw;
{
ENTRY *ep;
- char *p;
+ char *q, *p;
struct stat sb;
FILE *fp;
- int len, line;
+ unsigned int len, line;
static char buf[LINE_MAX];
if (!(fp = fopen(tempname, "r")))
@@ -225,7 +225,11 @@
goto bad;
}
while (isspace(*++p));
- if (ep->except && strpbrk(p, ep->except)) {
+ for (q = p; *q && isprint(*q); q++) {
+ if (ep->except && strchr(ep->except,*q))
+ break;
+ }
+ if (*q) {
warnx(
"illegal character in the \"%s\" field",
ep->prompt);
home |
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1010416214823.76109A-200000>