Input validation error in adduser and addshare
Lanph3re opened this issue · 1 comments
Lanph3re commented
I find that sanity_check_user_name_simple in adduser.c and sanity_check_share_name_simple in addshare.c allow non-alphanumeric strings to be added to the list.
static int sanity_check_user_name_simple(char *uname)
{
	// ...
	for (i = 0; i < sz; i++) {
		if (isalnum(uname[i]))
			return 0;
	}
	return -EINVAL;
}
isalnum returns a non-zero value if a given character is an alphanumeric character.
The functions mentioned return zero if the input string contains at least one alphanumeric character.
So I think the functions should be patched as follows.
static int sanity_check_user_name_simple(char *uname)
{
	// ...
	for (i = 0; i < sz; i++) {
		if (!isalnum(uname[i]))
			return -EINVAL;
	}
	return 0;
}
Thank you!
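The difference between the two loops shown above, as an added example that is not part of the original issue or the project's code. The function names, the use of strlen for sz, and the sample inputs are assumptions made here.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Logic as reported: accepts on the FIRST alphanumeric byte found. */
static int check_any_alnum(const char *name)
{
	size_t i, sz = strlen(name);	/* assumption: sz is the string length */

	for (i = 0; i < sz; i++) {
		/* cast avoids undefined behaviour for negative char values */
		if (isalnum((unsigned char)name[i]))
			return 0;
	}
	return -EINVAL;
}

/* Logic as proposed: rejects on the FIRST non-alphanumeric byte found. */
static int check_all_alnum(const char *name)
{
	size_t i, sz = strlen(name);

	for (i = 0; i < sz; i++) {
		if (!isalnum((unsigned char)name[i]))
			return -EINVAL;
	}
	return 0;	/* an empty string passes this loop vacuously */
}

int main(void)
{
	/* Constructed sample names, not taken from the project. */
	static const char *samples[] = { "alice", "a/../b", "x y", "!!!", "" };
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("[%s] any=%d all=%d\n", samples[i],
		       check_any_alnum(samples[i]), check_all_alnum(samples[i]));
	return 0;
}
```

The any-match loop only rejects names with no alphanumeric byte at all, while the all-match loop on its own accepts a zero-length name, so a caller relying on it also needs a separate length check.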
namjaejeon commented
There is no need for such a check. So it seems right to remove that check. And you can send the patch to the mailing list (linux-cifs@vger.kernel.org).