diff options
| author | Andrew Tridgell <tridge@samba.org> | 2001-07-04 04:17:58 +0000 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 2001-07-04 04:17:58 +0000 |
| commit | 657836599a847578096696af27cd7c9f0d52c931 (patch) | |
| tree | f9fc611b53329b532fbce7d97841a6b2423b9a8b | |
| parent | 69d90a8af167d53ebdb6d7aeef41b28b672288d1 (diff) | |
| download | samba-657836599a847578096696af27cd7c9f0d52c931.tar.gz samba-657836599a847578096696af27cd7c9f0d52c931.tar.xz samba-657836599a847578096696af27cd7c9f0d52c931.zip | |
check for bad usernames early in session setup
| -rw-r--r-- | source/smbd/reply.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/source/smbd/reply.c b/source/smbd/reply.c index d27f7842eb4..edcc3f48382 100644 --- a/source/smbd/reply.c +++ b/source/smbd/reply.c @@ -858,6 +858,12 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int domain,native_os,native_lanman)); } + /* don't allow for weird usernames */ + alpha_strcpy(user, user, ". _-", sizeof(user)); + if (strstr(user, "..")) { + return bad_password_error(inbuf, outbuf); + } + DEBUG(3,("sesssetupX:name=[%s]\n",user)); /* If name ends in $ then I think it's asking about whether a */ |