diff options
author | Corinna Vinschen <corinna@vinschen.de> | 2015-03-31 12:54:34 +0300 |
---|---|---|
committer | Corinna Vinschen <corinna@vinschen.de> | 2015-04-23 22:57:09 +0300 |
commit | f0b38a8af6ef6b62b8911db5ec3d77c93e32ebe0 (patch) | |
tree | 4d26a9179be42c43287df24da11a157b8e521127 /winsup/cygwin/uinfo.cc | |
parent | b3a09ae34bd691c95bc41a594a40a808455d748a (diff) |
Don't allow fully qualified Windows account names.
* uinfo.cc (pwdgrp::fetch_account_from_windows): Don't allow fully
qualified Windows account names (domain\user or user@domain).
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Diffstat (limited to 'winsup/cygwin/uinfo.cc')
-rw-r--r-- | winsup/cygwin/uinfo.cc | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc index f78e484dd..6186327b6 100644 --- a/winsup/cygwin/uinfo.cc +++ b/winsup/cygwin/uinfo.cc @@ -1827,6 +1827,13 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap) fq_name = false; /* Copy over to wchar for search. */ sys_mbstowcs (name, UNLEN + 1, arg.name); + /* If the incoming name has a backslash or at sign, and neither backslash + nor at are the domain separator chars, the name is invalid. */ + if ((p = wcspbrk (name, L"\\@")) && *p != cygheap->pg.nss_separator ()[0]) + { + debug_printf ("Invalid account name <%s> (backslash/at)", arg.name); + return NULL; + } /* Replace domain separator char with backslash and make sure p is NULL or points to the backslash. */ if ((p = wcschr (name, cygheap->pg.nss_separator ()[0]))) |