From: Michael Tremer
Date: Wed, 6 Jan 2021 11:56:08 +0000 (+0000)
Subject: misc-progs: sambactrl: Sanitise username
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=64883513d5940c17afe2fcf1d876feae61921ea9;p=people%2Fms%2Fipfire-2.x.git

misc-progs: sambactrl: Sanitise username

Fixes: #12562
Reported-by: Albert Schwarzkopf
Signed-off-by: Michael Tremer
---
diff --git a/src/misc-progs/sambactrl.c b/src/misc-progs/sambactrl.c
index adcfe4628c..eee396e7e6 100644
--- a/src/misc-progs/sambactrl.c
+++ b/src/misc-progs/sambactrl.c
@@ -20,14 +20,29 @@ int main(int argc, char *argv[]) {
 return 1;

 } else if (strcmp(argv[1], "smbuserdisable") == 0) {
+ if (!is_valid_argument_alnum(argv[2])) {
+ fprintf(stderr, "Invalid username '%s'\n", argv[2]);
+ exit(2);
+ }
+
 snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -d %s >/dev/null", argv[2]);
 safe_system(command);

 } else if (strcmp(argv[1], "smbuserenable") == 0) {
+ if (!is_valid_argument_alnum(argv[2])) {
+ fprintf(stderr, "Invalid username '%s'\n", argv[2]);
+ exit(2);
+ }
+
 snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -e %s >/dev/null", argv[2]);
 safe_system(command);

 } else if (strcmp(argv[1], "smbuserdelete") == 0) {
+ if (!is_valid_argument_alnum(argv[2])) {
+ fprintf(stderr, "Invalid username '%s'\n", argv[2]);
+ exit(2);
+ }
+
 snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -x %s >/dev/null", argv[2]);
 safe_system(command);

@@ -56,6 +71,11 @@ int main(int argc, char *argv[]) {
 safe_system(command);

 } else if (strcmp(argv[1], "smbuseradd") == 0) {
+ if (!is_valid_argument_alnum(argv[2])) {
+ fprintf(stderr, "Invalid username '%s'\n", argv[2]);
+ exit(2);
+ }
+
 snprintf(command, BUFFER_SIZE-1, "/usr/sbin/groupadd sambauser >/dev/null");
 safe_system(command);
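Review bot: Each added check reads `argv[2]` without a visible test that the argument was supplied, so in the smbuserdisable, smbuserenable and smbuserdelete branches a call with only the sub-command hands a NULL pointer to `is_valid_argument_alnum()` and, if that returns false, to the `%s` in the `fprintf`. Whether the helper accepts NULL, and whether `argc` is checked for more than the sub-command before this point, is not visible in the hunk. The same five lines are repeated in the smbuseradd and smbchangepw hunks, so one small helper that checks `argc` first and then the username would close the gap in all five places and remove the copies. The `exit(2)` used here next to the `return 1` in the context above deserves a short comment if the distinct status is intentional. main() begins and ends outside the hunk.

```c
/* Returns argv[2] when it is present and purely alphanumeric;
 * otherwise reports the problem and exits with status 2. */
static const char *checked_username(int argc, char *argv[]) {
	if (argc < 3) {
		fprintf(stderr, "Missing username\n");
		exit(2);
	}

	if (!is_valid_argument_alnum(argv[2])) {
		fprintf(stderr, "Invalid username '%s'\n", argv[2]);
		exit(2);
	}

	return argv[2];
}

// … unchanged: start of main() and the argument-count check …
	} else if (strcmp(argv[1], "smbuserdisable") == 0) {
		const char *user = checked_username(argc, argv);

		snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -d %s >/dev/null", user);
// … unchanged: safe_system() call; the other four branches follow the same pattern …
```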
@@ -69,6 +89,11 @@ int main(int argc, char *argv[]) {
 safe_system(command);

 } else if (strcmp(argv[1], "smbchangepw") == 0) {
+ if (!is_valid_argument_alnum(argv[2])) {
+ fprintf(stderr, "Invalid username '%s'\n", argv[2]);
+ exit(2);
+ }
+
 snprintf(command, BUFFER_SIZE-1, "echo %s:%s | chpasswd", argv[2], argv[3]);
 safe_system(command);
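Review bot: In the smbchangepw branch only `argv[2]` is validated, while `argv[3]` is still formatted unchecked into `echo %s:%s | chpasswd` and handed to `safe_system()`. The pipe in that string suggests the command is interpreted by a shell, so characters in the password that are special to the shell would alter the command. Limiting passwords to alphanumerics would fix that at the cost of password strength, so I would rather stop building a command line here and write `user:password` to the standard input of chpasswd from a child process started without a shell, keeping whatever environment clean-up `safe_system()` performs. `argc` is not visibly checked for `argv[3]` either, and a line break in the password would begin a second chpasswd record. The branch continues outside the hunk, and `CHPASSWD_PATH` in the sketch is a placeholder.

```c
	} else if (strcmp(argv[1], "smbchangepw") == 0) {
		// … unchanged: is_valid_argument_alnum(argv[2]) check …

		/* chpasswd reads one "user:password" record per line, so the
		 * password must be present and must not contain a line break. */
		if (argc < 4 || strpbrk(argv[3], "\r\n") != NULL) {
			fprintf(stderr, "Invalid password\n");
			exit(2);
		}

		/* Hand the record to chpasswd on its stdin; no shell parses it. */
		int fds[2];
		if (pipe(fds) != 0) {
			perror("pipe");
			exit(1);
		}

		pid_t pid = fork();
		if (pid < 0) {
			perror("fork");
			exit(1);
		}

		if (pid == 0) {
			char *const empty_env[] = { NULL };

			close(fds[1]);
			if (dup2(fds[0], STDIN_FILENO) < 0)
				_exit(127);
			close(fds[0]);

			/* CHPASSWD_PATH: placeholder for the absolute path of chpasswd */
			execle(CHPASSWD_PATH, "chpasswd", (char *)NULL, empty_env);
			_exit(127);
		}

		close(fds[0]);
		int written = dprintf(fds[1], "%s:%s\n", argv[2], argv[3]);
		close(fds[1]);

		int status = 0;
		if (waitpid(pid, &status, 0) < 0 || written < 0 ||
				!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
			fprintf(stderr, "Could not change password\n");
			exit(1);
		}
```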