From: David Gwynne (lokianimata.net)
Date: Wed Apr 04 2012 - 08:56:59 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

pretty confident a regex wont fly :)

On 04/04/2012, at 11:34 PM, Bjvrn Ketelaars wrote:

> 2012/4/3 Theo de Raadt <deraadtcvs.openbsd.org>:
>> Hmm, I'd like to see that refactored somehow.
>>
>> Also, '-' should not be legal at the start of a login name. There
>> are things that care. I think at the end it is OK, though.
>>
>> Crazy eh. Isn't there something else in libc that checks this?
>
> New diff:
>
> Index: login_yubikey.c
> ===================================================================
> RCS file: /cvs/src/libexec/login_yubikey/login_yubikey.c,v
> retrieving revision 1.4
> diff -u -r1.4 login_yubikey.c
> --- login_yubikey.c 1 Feb 2012 16:07:28 -0000 1.4
> +++ login_yubikey.c 4 Apr 2012 13:23:01 -0000
> -36,6 +36,7
> #include <ctype.h>
> #include <login_cap.h>
> #include <pwd.h>
> +#include <regex.h>
> #include <stdarg.h>
> #include <stdio.h>
> #include <stdlib.h>
> -165,12 +166,15
> static int
> clean_string(const char *s)
> {
> - while (*s) {
> - if (!isalnum(*s) && *s != '-' && *s != '_')
> - return (0);
> - ++s;
> - }
> - return (1);
> + char p[] = "^[0-9a-z_]+(($|[0-9a-z_-]$)|([0-9a-z\\._-]+[0-9a-z_-]$))";
> + int ret = 0;
> + regex_t r;
> +
> + regcomp(&r,p,REG_EXTENDED);
> + if (regexec(&r,s,0,0,0) == 0)
> + ret = 1;
> + regfree(&r);
> + return (ret);
> }
>
> static int

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]