cygwin.com/git/newlib-cygwin.git
author: Corinna Vinschen <corinna@vinschen.de> 2015-03-31 12:54:34 +0300
committer: Corinna Vinschen <corinna@vinschen.de> 2015-04-23 22:57:09 +0300
commit: f0b38a8af6ef6b62b8911db5ec3d77c93e32ebe0
tree: 4d26a9179be42c43287df24da11a157b8e521127 /winsup
parent: b3a09ae34bd691c95bc41a594a40a808455d748a
Don't allow fully qualified Windows account names.
* uinfo.cc (pwdgrp::fetch_account_from_windows): Don't allow fully qualified Windows account names (domain\user or user@domain).
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Diffstat (limited to 'winsup')
-rw-r--r-- winsup/cygwin/ChangeLog 5
-rw-r--r-- winsup/cygwin/uinfo.cc 7
2 files changed, 12 insertions, 0 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 79ae5a9a1..68171f6ca 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,5 +1,10 @@
2015-03-31 Corinna Vinschen <corinna@vinschen.de>
+ * uinfo.cc (pwdgrp::fetch_account_from_windows): Don't allow fully
+ qualified Windows account names (domain\user or user@domain).
+
+2015-03-31 Corinna Vinschen <corinna@vinschen.de>
+
* localtime.cc (tzset_unlocked): Export as _tzset_unlocked.
2015-03-30 Yaakov Selkowitz <yselkowi@redhat.com>
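Review bot: The added ChangeLog entry states that fully qualified names (domain\user or user@domain) are disallowed outright, but the check added in uinfo.cc lets a name through when the backslash or at sign it finds equals `cygheap->pg.nss_separator ()[0]`. Consider extending the entry, for example with "unless that character is the configured domain separator", so the log matches what the code does.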
diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc
index f78e484dd..6186327b6 100644
--- a/winsup/cygwin/uinfo.cc
+++ b/winsup/cygwin/uinfo.cc
@@ -1827,6 +1827,13 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
fq_name = false;
/* Copy over to wchar for search. */
sys_mbstowcs (name, UNLEN + 1, arg.name);
+ /* If the incoming name has a backslash or at sign, and neither backslash
+ nor at are the domain separator chars, the name is invalid. */
+ if ((p = wcspbrk (name, L"\\@")) && *p != cygheap->pg.nss_separator ()[0])
+ {
+ debug_printf ("Invalid account name <%s> (backslash/at)", arg.name);
+ return NULL;
+ }
/* Replace domain separator char with backslash and make sure p is NULL
or points to the backslash. */
if ((p = wcschr (name, cygheap->pg.nss_separator ()[0])))
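Review bot: The added condition `(p = wcspbrk (name, L"\\@")) && *p != cygheap->pg.nss_separator ()[0]` only inspects the first backslash or at sign in the name, so a name whose first such character is the configured separator and which carries another backslash or at sign further on is not rejected by this check. The comment above it ("neither backslash nor at are the domain separator chars") also describes a different condition than the code, which compares the character it found against the separator. Suggest continuing the scan past `p` so every backslash or at sign that is not the separator causes the `return NULL`, and rewording the comment to say exactly that.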