the nested regular expression was expanded to
qr/^[(?^:A-Za-z0-9\.\-_)]+$/;
which allowed a few extra characters, including the colon ':' which is used as
delimiter inside user.cfg.
Fixes: d9582bb9b859fa77e7de1bc442f439596d1933e0 ("fix #4411: openid: add logic
for openid groups support")
Signed-off-by: Fabian Grünbichler <[email protected]>
---
src/PVE/AccessControl.pm | 2 +-
src/PVE/Auth/Plugin.pm | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index 6c5a13f..350e074 100644
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -1312,7 +1312,7 @@ PVE::JSONSchema::register_format('pve-groupid',
\&verify_groupname);
sub verify_groupname {
my ($groupname, $noerr) = @_;
- if ($groupname !~ m/^[$PVE::Auth::Plugin::groupname_regex_chars]+$/) {
+ if ($groupname !~ m/^$PVE::Auth::Plugin::groupname_regex$/) {
die "group name '$groupname' contains invalid characters\n" if !$noerr;
diff --git a/src/PVE/Auth/Plugin.pm b/src/PVE/Auth/Plugin.pm
index 8fd0254..d983ab2 100755
--- a/src/PVE/Auth/Plugin.pm
+++ b/src/PVE/Auth/Plugin.pm
@@ -33,7 +33,7 @@ sub lock_domain_config {
our $realm_regex = qr/[A-Za-z][A-Za-z0-9\.\-_]+/;
our $user_regex = qr![^\s:/]+!;
-our $groupname_regex_chars = qr/A-Za-z0-9\.\-_/;
+our $groupname_regex = qr/[A-Za-z0-9\.\-_]+/;
PVE::JSONSchema::register_format('pve-realm', \&pve_verify_realm);
--
2.47.3
_______________________________________________
pve-devel mailing list
[email protected]
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
