From e9e9b3528bf75d192d0a273a1d3f7e11a83103f7 Mon Sep 17 00:00:00 2001 From: Alan Somers Date: Wed, 13 Jul 2016 17:09:20 +0000 Subject: pw should sanitize the argument of -w. Otherwise, it will silently disable the login for the selected account if the argument is unrecognizable. usr.sbin/pw/pw.h usr.sbin/pw/pw_conf.c usr.sbin/pw/pw_user.c Use separate rules to validate boolean parameters and passwd parameters. Error out if a password parameter cannot be parsed. usr.sbin/pw/tests/Makefile usr.sbin/pw/tests/crypt.c usr.sbin/pw/tests/pw_useradd.sh usr.sbin/pw/tests/pw_usermod.sh Add tests for the validation. Also, enhance existing password-related tests to actually validate that the correct hash is written to master.passwd. Reviewed by: bapt MFC after: 4 weeks Sponsored by: Spectra Logic Corp Differential Revision: https://reviews.freebsd.org/D6840 --- pw/pw.h | 1 + 1 file changed, 1 insertion(+) (limited to 'pw/pw.h') diff --git a/pw/pw.h b/pw/pw.h index b389f12..05a51c2 100644 --- a/pw/pw.h +++ b/pw/pw.h @@ -93,6 +93,7 @@ int groupadd(struct userconf *, char *name, gid_t id, char *members, int fd, int nis_update(void); int boolean_val(char const * str, int dflt); +int passwd_val(char const * str, int dflt); char const *boolean_str(int val); char *newstr(char const * p); -- cgit v1.2.3