summaryrefslogtreecommitdiff
path: root/libexec/rpc.yppasswdd
diff options
context:
space:
mode:
authorTheo de Raadt <deraadt@cvs.openbsd.org>1996-08-30 13:09:15 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>1996-08-30 13:09:15 +0000
commitdd06f4eab410a3f9110af8117fcb079fcc2ea496 (patch)
treefd5ea755454aec44fbf8179d9b47790bff7b5d5c /libexec/rpc.yppasswdd
parent6da6dd2767c0a30b592c578de60f8c4ba48cfbf7 (diff)
more careful; found by das33@cornell.edu fixed by me
Diffstat (limited to 'libexec/rpc.yppasswdd')
-rw-r--r--libexec/rpc.yppasswdd/yppasswdd_mkpw.c24
1 files changed, 16 insertions, 8 deletions
diff --git a/libexec/rpc.yppasswdd/yppasswdd_mkpw.c b/libexec/rpc.yppasswdd/yppasswdd_mkpw.c
index cc76f49c808..a3b6c60b543 100644
--- a/libexec/rpc.yppasswdd/yppasswdd_mkpw.c
+++ b/libexec/rpc.yppasswdd/yppasswdd_mkpw.c
@@ -30,7 +30,7 @@
*/
#ifndef LINT
-static char rcsid[] = "$Id: yppasswdd_mkpw.c,v 1.5 1996/08/08 16:14:50 deraadt Exp $";
+static char rcsid[] = "$Id: yppasswdd_mkpw.c,v 1.6 1996/08/30 13:09:14 deraadt Exp $";
#endif
#include <sys/types.h>
@@ -50,14 +50,22 @@ extern int make;
extern char make_arg[];
int
-badchar(base, match)
- char *base, *match;
+badchars(base)
+ char *base;
{
char *s = match;
+ int ampr = 0;
- while (*s)
- if (strchr(base, *s++))
+ for (s = match; *s; s++) {
+ if (*s == '&')
+ ampr++;
+ if (!isprint(*s))
return 1;
+ if (strchr(":\n\t\r", *s))
+ return 1;
+ }
+ if (ampr > 10)
+ return 1;
return 0;
}
@@ -75,11 +83,11 @@ make_passwd(argp)
if (strcmp(crypt(argp->oldpass, pw->pw_passwd), pw->pw_passwd) != 0)
return (1);
- if (!nopw && badchar(argp->newpw.pw_passwd, ":\n\t"))
+ if (!nopw && badchars(argp->newpw.pw_passwd))
return (1);
- if (!nogecos && badchar(argp->newpw.pw_gecos, ":\n\t"))
+ if (!nogecos && badchars(argp->newpw.pw_gecos))
return (1);
- if (!nogecos && badchar(argp->newpw.pw_shell, ":\n\t"))
+ if (!nogecos && badchars(argp->newpw.pw_shell))
return (1);
pw_init();