Date: Wed, 9 May 2001 04:19:14 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Maxime Henrion <mux@qualys.com>
Cc: audit@FreeBSD.ORG, freebsd-i18n@FreeBSD.org
Subject: Re: chpass patch to disallow non-printable characters in the passwd file
Message-ID: <20010509041914.A36212@xor.obsecurity.org>
In-Reply-To: <20010509131550.A984@nebula.cybercable.fr>; from mux@qualys.com on Wed, May 09, 2001 at 01:15:50PM +0200
References: <20010509131550.A984@nebula.cybercable.fr>
On Wed, May 09, 2001 at 01:15:50PM +0200, Maxime Henrion wrote:
> Hi,
>
> Here is another patch from OpenBSD taken from Kris's mailbox. It prevents
> users from putting non-printable characters in the passwd file.

I'm not sure whether isprint() is the canonical way to check this in
the face of different locales. Can someone confirm the correct way to
do this?

Kris

>
> Maxime
> --
> Don't be fooled by cheap finnish imitations ; BSD is the One True Code
> Key fingerprint = F9B6 1D5A 4963 331C 88FC CA6A AB50 1EF2 8CBE 99D6
> Public Key : http://www.epita.fr/~henrio_m/
> *** /usr/src/usr.bin/chpass/edit.c Wed Sep 6 20:16:46 2000 > --- edit.c Wed May 9 13:12:05 2001 > *************** > *** 184,193 **** > struct passwd *pw; > { > ENTRY *ep; > ! char *p; > struct stat sb; > FILE *fp; > ! int len, line; > static char buf[LINE_MAX]; > =20 > if (!(fp =3D fopen(tempname, "r"))) > --- 184,193 ---- > struct passwd *pw; > { > ENTRY *ep; > ! char *p, *q; > struct stat sb; > FILE *fp; > ! unsigned int len, line; > static char buf[LINE_MAX]; > =20 > if (!(fp =3D fopen(tempname, "r"))) > *************** > *** 225,231 **** > goto bad; > } > while (isspace(*++p)); > ! if (ep->except && strpbrk(p, ep->except)) { > warnx( > "illegal character in the \"%s\" field", > ep->prompt); > --- 225,235 ---- > goto bad; > } > while (isspace(*++p)); > ! for (q =3D p; *q && isprint(*q); q++) { > ! if (ep->except && strchr(ep->except, *q)) > ! break; > ! } > ! 
if (*q) { > warnx( > "illegal character in the \"%s\" field", > ep->prompt);
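Review bot: The switch of `len, line` from `int` to `unsigned int` in the declarations at 184,193 is not required by the isprint() loop this patch adds and is not mentioned in the description. The uses of `len` and `line` fall outside the posted hunks, so any comparison against a signed value or a negative return cannot be checked from this diff. Either explain the type change in the commit message or split it into its own change, and keep only the new `*q` pointer here.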
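Review bot: In the loop added at 225,235, `isprint(*q)` receives a plain `char`, so on a platform where char is signed a byte above 0x7f arrives as a negative value, which the <ctype.h> functions do not define behaviour for; cast it, as in `isprint((unsigned char)*q)`. The same call is also what the locale question in the reply turns on: whether bytes above 0x7f count as printable depends on the LC_CTYPE in effect, and nothing in these hunks shows a setlocale() call, so state in the patch which locale the check is meant to run under. The combined test `if (*q)` now reports both a character from `ep->except` and a non-printable byte with the same "illegal character" message, which is acceptable but worth a one-line comment above the loop.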