From 28329c1475c285b0157735c8ff96558575993082 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?= <valtri@civ.zcu.cz>
Date: Sat, 19 Oct 2013 21:17:29 +0200
Subject: [PATCH] Check for forbidden characters in users and group identities.
 It's limited by the file format used for storing the information.

---
 src/VfsAuthn.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/VfsAuthn.cpp b/src/VfsAuthn.cpp
index 3d65e0a..498b925 100644
--- a/src/VfsAuthn.cpp
+++ b/src/VfsAuthn.cpp
@@ -91,6 +91,9 @@ void VfsAuthn::vfsNewGroup(const std::string& groupName) throw (DmException) {
   unsigned int gid;
   GroupInfo gi;
 
+  if (groupName.find_first_of("\t\n\r") != std::string::npos)
+    vfsThrow(DMLITE_SYSERR(EINVAL), "group name can't contain tabelators or newline characters");
+
   // new gid
   gid = this->nextGid_;
   while (this->gids_.find(gid) != this->gids_.end())
@@ -113,6 +116,9 @@ void VfsAuthn::vfsNewUser(const std::string& userName) throw (DmException) {
   unsigned int uid;
   UserInfo ui;
 
+  if (userName.find_first_of("\t\r\n") != std::string::npos)
+    vfsThrow(DMLITE_SYSERR(EINVAL), "user name can't contain tabelators or newline characters");
+
   // new uid
   uid = this->nextUid_;
   while (this->uids_.find(uid) != this->uids_.end())
-- 
1.8.2.3