Input validation error in adduser and addshare

Question

Input validation error in adduser and addshare

Lanph3re opened this issue 3 years ago · 1 comments

I find that sanity_check_user_name_simple in adduser.c and sanity_check_share_name_simple in addshare.c allows non-alphanumeric strings to be added to the list.

static int sanity_check_user_name_simple(char *uname)
{
	// ...

	for (i = 0; i < sz; i++) {
		if (isalnum(uname[i]))
			return 0;
	}
	return -EINVAL;
}

isalnum returns non-zero value if a given character is alphanumeric character.

The functions mentioned return zero if the input string contains at least one alphanumeric character.

So I think the functions should be patched as follows.

static int sanity_check_user_name_simple(char *uname)
{
	// ...

	for (i = 0; i < sz; i++) {
		if (!isalnum(uname[i]))
			return -EINVAL;
	}
	return 0;
}

Thank you!

Answer 1 · 2021-12-29T03:27:22.000Z

there is no need for such a check. So It seems right to remove that check. And you can send the patch to mailing list.(linux-cifs@vger.kernel.org)