https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221416
Bug ID: 221416
Summary: pw useradd accepts invalid user names
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Keywords: patch, regression
Severity: Affects Some People
Priority: ---
Component: bin
Assignee: freebsd-bugs@FreeBSD.org
Reporter: f...@fabiankeil.de
Flags: mfc-stable10?, mfc-stable11?
Created attachment 185282
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=185282=edit
pw useradd: Validate the user name before creating the entry
When the -g option is used, pw useradd doesn't validate the user name.
A command like:
pw useradd -u 1234 -g 1234 -n 'test user'
creates an invalid user.
The "-g 1234" is relevant, without it the name is rejected as expected:
[fk@test ~]$ sudo pw useradd -u 1234 -n 'test user'
pw: invalid character ` ' at position 4 in userid/group name
Bug unintentionally found with a salt config without explicit name entry:
test user:
user.present:
- uid: 1234
- gid: 1234
- fullname: Test user
- shell: /usr/local/bin/bash
- home: /home/test
- groups:
- wheel
- salt
"Luckily" salt modules rarely bother with input validation either ...
This regression was introduced when pw was refactored in 2015.
The attached patch fixes the issue and adds regression tests.
Obtained from: ElectroBSD
--
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-bugs@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"