Commit 735875cc authored by Niels Möller's avatar Niels Möller
Browse files

* src/server_password.c (do_authenticate): Disallow control

characters in user names.
* src/server_userauth.c (do_none_preauth): Likewise.
* src/server_publickey.c (do_authenticate): Likewise.

Rev: src/server_password.c:1.35
Rev: src/server_publickey.c:1.27
Rev: src/server_userauth.c:1.44
parent 4f0a1df5
...@@ -58,7 +58,7 @@ do_authenticate(struct userauth *s, ...@@ -58,7 +58,7 @@ do_authenticate(struct userauth *s,
int change_passwd; int change_passwd;
username = utf8_to_local(username, 1, 1); username = utf8_to_local(username, utf8_paranoid, 1);
if (!username) if (!username)
{ {
PROTOCOL_ERROR(e, "Invalid utf8 in username."); PROTOCOL_ERROR(e, "Invalid utf8 in username.");
...@@ -85,7 +85,7 @@ do_authenticate(struct userauth *s, ...@@ -85,7 +85,7 @@ do_authenticate(struct userauth *s,
{ {
struct lsh_user *user; struct lsh_user *user;
password = utf8_to_local(password, 1, 1); password = utf8_to_local(password, 0, 1);
if (!password) if (!password)
{ {
......
...@@ -78,7 +78,7 @@ do_authenticate(struct userauth *s, ...@@ -78,7 +78,7 @@ do_authenticate(struct userauth *s,
int algorithm; int algorithm;
int check_key; int check_key;
username = utf8_to_local(username, 1, 1); username = utf8_to_local(username, utf8_paranoid, 1);
if (!username) if (!username)
{ {
PROTOCOL_ERROR(e, "Invalid utf8 in username."); PROTOCOL_ERROR(e, "Invalid utf8 in username.");
......
...@@ -372,7 +372,7 @@ do_none_preauth(struct userauth *s UNUSED, ...@@ -372,7 +372,7 @@ do_none_preauth(struct userauth *s UNUSED,
struct command_continuation *c, struct command_continuation *c,
struct exception_handler *e) struct exception_handler *e)
{ {
username = utf8_to_local(username, 1, 1); username = utf8_to_local(username, utf8_paranoid, 1);
if (!username) if (!username)
{ {
PROTOCOL_ERROR(e, "Invalid utf8 in username."); PROTOCOL_ERROR(e, "Invalid utf8 in username.");
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment