Verify that the username length is smaller than MAXLOGNAME when

asked to verify a passwd file (pwd_mkdb -C). Entries with oversized usernames are still permitted when building the passwd database. When entries are >= MAXLOGNAME in length, they are correctly stored in passwd, pwd.db and spwd.db but are only correctly retrieved by getpwent*() and getpwuid*(). getpwnam*() truncates to MAXLOGNAME - 1 when reading from a file (breaking at least sh, tcsh and bash) and utilities such as su(1) check, complain and fail if the passed name is >= MAXLOGNAME in length. MFC after: 3 weeks
svn path=/head/; revision=192432
2009-05-20 08:32:25 +00:00 · 2009-05-20 08:32:25 +00:00 · 15344a5690 · 2020-12-20 02:59:44 +00:00
commit 15344a5690
parent 866772cfa7
1 changed files with 5 additions and 1 deletions
--- a/usr.sbin/pwd_mkdb/pwd_mkdb.c
+++ b/usr.sbin/pwd_mkdb/pwd_mkdb.c
@ -204,7 +204,11 @@ main(int argc, char *argv[])

 	/* check only if password database is valid */
 	if (Cflag) {
-		for (cnt = 1; scan(fp, &pwd); ++cnt);
+		while (scan(fp, &pwd))
+			if (!is_comment && strlen(pwd.pw_name) >= MAXLOGNAME) {
+				warnx("%s: username too long", pwd.pw_name);
+				exit(1);
+			}
 		exit(0);
 	}