pretty confident a regex wont fly :)
On 04/04/2012, at 11:34 PM, Bjvrn Ketelaars wrote:
> 2012/4/3 Theo de Raadt <dera...@cvs.openbsd.org>:
>> Hmm, I'd like to see that refactored somehow.
>>
>> Also, '-' should not be legal at the start of a login name. There
>> are things that care. I think at the end it is OK, though.
>>
>> Crazy eh. Isn't there something else in libc that checks this?
>
> New diff:
>
> Index: login_yubikey.c
> ===================================================================
> RCS file: /cvs/src/libexec/login_yubikey/login_yubikey.c,v
> retrieving revision 1.4
> diff -u -r1.4 login_yubikey.c
> --- login_yubikey.c 1 Feb 2012 16:07:28 -0000 1.4
> +++ login_yubikey.c 4 Apr 2012 13:23:01 -0000
> @@ -36,6 +36,7 @@
> #include <ctype.h>
> #include <login_cap.h>
> #include <pwd.h>
> +#include <regex.h>
> #include <stdarg.h>
> #include <stdio.h>
> #include <stdlib.h>
> @@ -165,12 +166,15 @@
> static int
> clean_string(const char *s)
> {
> - while (*s) {
> - if (!isalnum(*s) && *s != '-' && *s != '_')
> - return (0);
> - ++s;
> - }
> - return (1);
> + char p[] = "^[0-9a-z_]+(($|[0-9a-z_-]$)|([0-9a-z\\._-]+[0-9a-z_-]$))";
> + int ret = 0;
> + regex_t r;
> +
> + regcomp(&r,p,REG_EXTENDED);
> + if (regexec(&r,s,0,0,0) == 0)
> + ret = 1;
> + regfree(&r);
> + return (ret);
> }
>
> static int
