pretty confident a regex wont fly :) On 04/04/2012, at 11:34 PM, Bjvrn Ketelaars wrote:
> 2012/4/3 Theo de Raadt <dera...@cvs.openbsd.org>: >> Hmm, I'd like to see that refactored somehow. >> >> Also, '-' should not be legal at the start of a login name. There >> are things that care. I think at the end it is OK, though. >> >> Crazy eh. Isn't there something else in libc that checks this? > > New diff: > > Index: login_yubikey.c > =================================================================== > RCS file: /cvs/src/libexec/login_yubikey/login_yubikey.c,v > retrieving revision 1.4 > diff -u -r1.4 login_yubikey.c > --- login_yubikey.c 1 Feb 2012 16:07:28 -0000 1.4 > +++ login_yubikey.c 4 Apr 2012 13:23:01 -0000 > @@ -36,6 +36,7 @@ > #include <ctype.h> > #include <login_cap.h> > #include <pwd.h> > +#include <regex.h> > #include <stdarg.h> > #include <stdio.h> > #include <stdlib.h> > @@ -165,12 +166,15 @@ > static int > clean_string(const char *s) > { > - while (*s) { > - if (!isalnum(*s) && *s != '-' && *s != '_') > - return (0); > - ++s; > - } > - return (1); > + char p[] = "^[0-9a-z_]+(($|[0-9a-z_-]$)|([0-9a-z\\._-]+[0-9a-z_-]$))"; > + int ret = 0; > + regex_t r; > + > + regcomp(&r,p,REG_EXTENDED); > + if (regexec(&r,s,0,0,0) == 0) > + ret = 1; > + regfree(&r); > + return (ret); > } > > static int