-rw-r--r-- | src/tools/sss_seed.c | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/src/tools/sss_seed.c b/src/tools/sss_seed.c index bcb260a1b..9b8f69b12 100644 --- a/src/tools/sss_seed.c +++ b/src/tools/sss_seed.c @@ -196,6 +196,14 @@ static int seed_password_input_prompt(TALLOC_CTX *mem_ctx, char **_password) ret = EINVAL; goto done; } + + /* Do not allow empty passwords */ + if (strlen(temp) == 0) { + ERROR("Empty passwords are not allowed.\n"); + ret = EINVAL; + goto done; + } + password = talloc_strdup(tmp_ctx, temp); if (password == NULL) { ret = ENOMEM; @@ -235,6 +243,8 @@ static int seed_password_input_file(TALLOC_CTX *mem_ctx, uint8_t buf[PASS_MAX+1]; int fd = -1; int ret = EOK; + int valid_i; + int i; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { @@ -266,6 +276,32 @@ static int seed_password_input_file(TALLOC_CTX *mem_ctx, close(fd); buf[len] = '\0'; + /* Only the first line is valid (without '\n'). */ + for (valid_i = -1; valid_i + 1 < len; valid_i++) { + if (buf[valid_i + 1] == '\n') { + buf[valid_i + 1] = '\0'; + break; + } + } + + /* Do not allow empty passwords. */ + if (valid_i < 0) { + ERROR("Empty passwords are not allowed.\n"); + ret = EINVAL; + goto done; + } + + /* valid_i is the last valid index of the password followed by \0. + * If characters other than \n occur int the rest of the file, it + * is an error. */ + for (i = valid_i + 2; i < len; i++) { + if (buf[i] != '\n') { + ERROR("Multi-line passwords are not allowed.\n"); + ret = EINVAL; + goto done; + } + } + password = talloc_strdup(tmp_ctx, (char *)buf); if (password == NULL) { ret = ENOMEM; |
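Review bot: A NUL byte in the password file slips past the new empty-password check in the third hunk (seed_password_input_file), because the first loop stops only on '\n'. For a file whose first byte is '\0', valid_i ends at 0 or higher, so the `valid_i < 0` test passes and `talloc_strdup(tmp_ctx, (char *)buf)` copies an empty string; a NUL later in the line silently truncates the password the same way. Rejecting such input before the scan would close this, for example `if (memchr(buf, '\0', len) != NULL) { ret = EINVAL; goto done; }` right after `buf[len] = '\0';`. Separately, a CRLF-terminated file keeps the '\r' as the last password character, which should be either stripped or stated in the comment. The function starts before and continues after this hunk, so the declaration of len and the cleanup under `done` are not visible here.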