From 80285e3e194993731e573e5ffa1eba819e283ddd Mon Sep 17 00:00:00 2001 From: Alan Somers Date: Wed, 13 Jul 2016 17:09:20 +0000 Subject: pw should sanitize the argument of -w. Otherwise, it will silently disable the login for the selected account if the argument is unrecognizable. usr.sbin/pw/pw.h usr.sbin/pw/pw_conf.c usr.sbin/pw/pw_user.c Use separate rules to validate boolean parameters and passwd parameters. Error out if a password parameter cannot be parsed. usr.sbin/pw/tests/Makefile usr.sbin/pw/tests/crypt.c usr.sbin/pw/tests/pw_useradd.sh usr.sbin/pw/tests/pw_usermod.sh Add tests for the validation. Also, enhance existing password-related tests to actually validate that the correct hash is written to master.passwd. Reviewed by: bapt MFC after: 4 weeks Sponsored by: Spectra Logic Corp Differential Revision: https://reviews.freebsd.org/D6840 --- pw/pw_conf.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) (limited to 'pw/pw_conf.c') diff --git a/pw/pw_conf.c b/pw/pw_conf.c index d30c80e..a3bd0bd 100644 --- a/pw/pw_conf.c +++ b/pw/pw_conf.c @@ -180,6 +180,22 @@ boolean_val(char const * str, int dflt) if ((str = unquote(str)) != NULL) { int i; + for (i = 0; booltrue[i]; i++) + if (strcmp(str, booltrue[i]) == 0) + return 1; + for (i = 0; boolfalse[i]; i++) + if (strcmp(str, boolfalse[i]) == 0) + return 0; + } + return dflt; +} + +int +passwd_val(char const * str, int dflt) +{ + if ((str = unquote(str)) != NULL) { + int i; + for (i = 0; booltrue[i]; i++) if (strcmp(str, booltrue[i]) == 0) return 1; @@ -194,6 +210,8 @@ boolean_val(char const * str, int dflt) return -1; if (strcmp(str, "none") == 0) return -2; + + errx(1, "Invalid value for default password"); } return dflt; } @@ -258,7 +276,7 @@ read_userconfig(char const * file) #endif switch (i) { case _UC_DEFAULTPWD: - config.default_password = boolean_val(q, 1); + config.default_password = passwd_val(q, 1); break; case _UC_REUSEUID: config.reuse_uids = boolean_val(q, 0); -- cgit v1.2.3-56-ge451