From 1c7ac6e19028bc93f237557e781f1bf98ee29ea5 Mon Sep 17 00:00:00 2001 From: Corinna Vinschen Date: Tue, 31 Mar 2015 11:54:34 +0200 Subject: [PATCH] Don't allow fully qualified Windows account names. * uinfo.cc (pwdgrp::fetch_account_from_windows): Don't allow fully qualified Windows account names (domain\user or user@domain). Signed-off-by: Corinna Vinschen --- winsup/cygwin/ChangeLog | 5 +++++ winsup/cygwin/uinfo.cc | 7 +++++++ 2 files changed, 12 insertions(+) diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index 09749e0b8..0e23b0391 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,8 @@ +2015-03-31 Corinna Vinschen + + * uinfo.cc (pwdgrp::fetch_account_from_windows): Don't allow fully + qualified Windows account names (domain\user or user@domain). + 2015-03-31 Corinna Vinschen * localtime.cc (tzset_unlocked): Export as _tzset_unlocked. diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc index f78e484dd..6186327b6 100644 --- a/winsup/cygwin/uinfo.cc +++ b/winsup/cygwin/uinfo.cc @@ -1827,6 +1827,13 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap) fq_name = false; /* Copy over to wchar for search. */ sys_mbstowcs (name, UNLEN + 1, arg.name); + /* If the incoming name has a backslash or at sign, and neither backslash + nor at are the domain separator chars, the name is invalid. */ + if ((p = wcspbrk (name, L"\\@")) && *p != cygheap->pg.nss_separator ()[0]) + { + debug_printf ("Invalid account name <%s> (backslash/at)", arg.name); + return NULL; + } /* Replace domain separator char with backslash and make sure p is NULL or points to the backslash. */ if ((p = wcschr (name, cygheap->pg.nss_separator ()[0])))