Don't allow fully qualified Windows account names.

* uinfo.cc (pwdgrp::fetch_account_from_windows): Don't allow fully qualified Windows account names (domain\user or user@domain). Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-03-31 11:54:34 +02:00
parent b3a09ae34b
commit f0b38a8af6
2 changed files with 12 additions and 0 deletions
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,8 @@
+2015-03-31  Corinna Vinschen  <corinna@vinschen.de>
+
+	* uinfo.cc (pwdgrp::fetch_account_from_windows): Don't allow fully
+	qualified Windows account names (domain\user or user@domain).
+
 2015-03-31  Corinna Vinschen  <corinna@vinschen.de>

 	* localtime.cc (tzset_unlocked): Export as _tzset_unlocked.
--- a/winsup/cygwin/uinfo.cc
+++ b/winsup/cygwin/uinfo.cc
@@ -1827,6 +1827,13 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
      fq_name = false;
      /* Copy over to wchar for search. */
      sys_mbstowcs (name, UNLEN + 1, arg.name);
+      /* If the incoming name has a backslash or at sign, and neither backslash
+	 nor at are the domain separator chars, the name is invalid. */
+      if ((p = wcspbrk (name, L"\\@")) && *p != cygheap->pg.nss_separator ()[0])
+	{
+	  debug_printf ("Invalid account name <%s> (backslash/at)", arg.name);
+	  return NULL;
+	}
      /* Replace domain separator char with backslash and make sure p is NULL
 	 or points to the backslash. */
      if ((p = wcschr (name, cygheap->pg.nss_separator ()[0])))