lib/, src/, tests/: Use LOGIN_NAME_MAX instead of sysconf(_SC_LOGIN_NAME_MAX)

This provides safer guarantees.  We should be conservative in what we
accept.

Closes: <https://github.com/shadow-maint/shadow/issues/1636>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

diff --git a/lib/chkname.c b/lib/chkname.c
index 0b6d9409cc9866a77a93878cc6c26db5b214ac4f..853c3d7f50293739703be4a5ba0c5d363aedcedc 100644 (file)
--- a/lib/chkname.c
+++ b/lib/chkname.c
@@ -102,7 +102,7 @@ is_valid_name(const char *name)
 bool
 is_valid_user_name(const char *name)
 {
-       if (strlen(name) >= login_name_max_size()) {
+       if (strlen(name) >= LOGIN_NAME_MAX) {
                errno = EOVERFLOW;
                return false;
        }

diff --git a/lib/sysconf.c b/lib/sysconf.c
index a9517dd2ab577be3903263cbc86bea75c56f0a29..83b9c52f985eb96983ad01d9e70a41e24510399f 100644 (file)
--- a/lib/sysconf.c
+++ b/lib/sysconf.c
@@ -9,27 +9,11 @@
 #include <unistd.h>
 
 
-#ifndef  LOGIN_NAME_MAX
-# define LOGIN_NAME_MAX  256
-#endif
-
 #ifndef  NGROUPS_MAX
 # define NGROUPS_MAX  65536
 #endif
 
 
-size_t
-login_name_max_size(void)
-{
-       long  conf;
-
-       conf = sysconf(_SC_LOGIN_NAME_MAX);
-       if (conf == -1)
-               return LOGIN_NAME_MAX;
-
-       return conf;
-}
-
 size_t
 ngroups_max_size(void)
 {

diff --git a/lib/sysconf.h b/lib/sysconf.h
index 467ef32a6e681bb47591ca568ba5ca70819fff19..8ab07856a574c9ea9aed9d08d94323094cdb7385 100644 (file)
--- a/lib/sysconf.h
+++ b/lib/sysconf.h
@@ -9,10 +9,15 @@
 
 #include "config.h"
 
+#include <limits.h>
 #include <stddef.h>
 
 
-extern size_t login_name_max_size(void);
+#ifndef  LOGIN_NAME_MAX
+# define LOGIN_NAME_MAX  256
+#endif
+
+
 extern size_t ngroups_max_size(void);
 
 #endif  // include guard

diff --git a/src/login.c b/src/login.c
index 59e39b2b4df8db76d5346ae58003769c2c050324..216e9ac3d3f52ce39f75eae1a43392fba2cae641 100644 (file)
--- a/src/login.c
+++ b/src/login.c
@@ -18,6 +18,7 @@
 #include <lastlog.h>
 #endif                                 /* ENABLE_LASTLOG */
 #endif                         /* !USE_PAM */
+#include <limits.h>
 #include <pwd.h>
 #include <signal.h>
 #include <stdio.h>
@@ -831,16 +832,13 @@ int main (int argc, char **argv)
 
                failed = false; /* haven't failed authentication yet */
                if (NULL == username) { /* need to get a login id */
-                       size_t  max_size;
-
-                       max_size = login_name_max_size();
                        if (subroot) {
                                closelog ();
                                exit (1);
                        }
                        preauth_flag = false;
-                       username = xmalloc_T(max_size, char);
-                       login_prompt(username, max_size);
+                       username = xmalloc_T(LOGIN_NAME_MAX, char);
+                       login_prompt(username, LOGIN_NAME_MAX);
 
                        if (streq(username, "")) {
                                /* Prompt for a new login */

diff --git a/tests/unit/test_chkname.c b/tests/unit/test_chkname.c
index c76b211e5f0d47661b784271682281cd2b207a9d..842337b9f5379b6d91a2cca121b519cede9db7bc 100644 (file)
--- a/tests/unit/test_chkname.c
+++ b/tests/unit/test_chkname.c
@@ -4,6 +4,7 @@
  */
 
 
+#include <limits.h>
 #include <stdbool.h>
 #include <stddef.h>
 #include <stdlib.h>
@@ -130,19 +131,17 @@ test_is_valid_user_name_nok_otherchars(MAYBE_UNUSED void ** _1)
 static void
 test_is_valid_user_name_long(MAYBE_UNUSED void ** _1)
 {
-       size_t  max;
-       char    *name;
+       char  *name;
 
-       max = sysconf(_SC_LOGIN_NAME_MAX);
-       name = malloc_T(max + 1, char);
+       name = malloc_T(LOGIN_NAME_MAX + 1, char);
        assert_true(name != NULL);
 
-       memset(name, '_', max);
+       memset(name, '_', LOGIN_NAME_MAX);
 
-       stpcpy(&name[max], "");
+       stpcpy(&name[LOGIN_NAME_MAX], "");
        assert_true(false == is_valid_user_name(name));
 
-       stpcpy(&name[max - 1], "");
+       stpcpy(&name[LOGIN_NAME_MAX - 1], "");
        assert_true(is_valid_user_name(name));
 
        free(name);