From: Andrew Tridgell <tridge@samba.org> 
Date: Wed, 4 Jul 2001 04:17:58 +0000 (+0000)
Subject: check for bad usernames early in session setup
X-Git-Tag: samba-2.2.5pre1~1861^2~4
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=657836599a847578096696af27cd7c9f0d52c931;p=thirdparty%2Fsamba.git

check for bad usernames early in session setup
---

diff --git a/source/smbd/reply.c b/source/smbd/reply.c
index d27f7842eb4..edcc3f48382 100644
--- a/source/smbd/reply.c
+++ b/source/smbd/reply.c
@@ -858,6 +858,12 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
 	     domain,native_os,native_lanman));
   }
 
+  /* don't allow for weird usernames */
+  alpha_strcpy(user, user, ". _-", sizeof(user));
+  if (strstr(user, "..")) {
+	  return bad_password_error(inbuf, outbuf);
+  }
+
   DEBUG(3,("sesssetupX:name=[%s]\n",user));
 
   /* If name ends in $ then I think it's asking about whether a */