40 lines
1.2 KiB
Plaintext
40 lines
1.2 KiB
Plaintext
diff -ur ../pam_mount-0.18/src/pam_mount.c ./src/pam_mount.c
|
|
--- src/pam_mount.c 2007-03-12 12:01:49.000000000 -0400
|
|
+++ src/pam_mount.c 2007-03-12 11:01:53.000000000 -0400
|
|
@@ -328,7 +328,7 @@
|
|
log_argv(_argv);
|
|
|
|
if(!spawn_apS(NULL, _argv, NULL, G_SPAWN_DO_NOT_REAP_CHILD, set_myuid,
|
|
- user, &pid, NULL, &cstdout, NULL, &err)) {
|
|
+ NULL, &pid, NULL, &cstdout, NULL, &err)) {
|
|
l0g(PMPREFIX "error executing /usr/sbin/pmvarrun\n");
|
|
fnval = -1;
|
|
goto _return;
|
|
diff -ur ../pam_mount-0.18/src/pmvarrun.c ./src/pmvarrun.c
|
|
--- src/pmvarrun.c 2006-07-28 18:43:41.000000000 -0400
|
|
+++ src/pmvarrun.c 2007-03-12 12:02:22.000000000 -0400
|
|
@@ -95,6 +95,11 @@
|
|
return;
|
|
}
|
|
|
|
+static int user_sanity_check (const char *user)
|
|
+{
|
|
+ size_t len = strlen(user);
|
|
+ return strstr(user, "../") || user[0] == '-' || user[len - 1] == '/';
|
|
+}
|
|
|
|
/* parse_args
|
|
@argc: number of elements in @argv
|
|
@@ -129,6 +134,11 @@
|
|
usage(EXIT_FAILURE, "count string is not valid");
|
|
break;
|
|
case 'u':
|
|
+ if (user_sanity_check (optarg)) {
|
|
+ fprintf(stderr, "Invalid user name\n");
|
|
+ exit (EXIT_FAILURE);
|
|
+ }
|
|
+
|
|
g_strlcpy(settings->user, optarg,
|
|
sizeof(settings->user));
|
|
break;
|