lib/chkname.c: login_name_max_size(): Put limits for LOGIN_NAME_MAX and sysconf(_SC_L...

GNU Hurd doesn't define LOGIN_NAME_MAX.  GNU Hurd recommends having no
system limits.  When a program needs a limit, because it needs to
validate user input, it is recommended that each program defines its own
limit macros.  The rationale is that this avoids hard-coded limits in
ABIs, which cannot be modified ever.

However, that doesn't mean that programs should have no limits at all.
We use this limit for validating user input, and so we shouldn't allow
anything just because the system doesn't want to set a limit.

So, when sysconf(2) returns -1, either due to an error or due to a claim
for no limits, we must fall back to the LOGIN_NAME_MAX value.  And if
the system doesn't define that value, we must define it ourselves (we're
more or less free to choose any value, so let's pick the one that glibc
provides nowadays).

Fixes: 6a1f45d932c8 (2024-02-04; "lib/chkname.c: Support unlimited user name lengths")
Closes: <https://github.com/shadow-maint/shadow/issues/1166>
Cc: Chris Hofstaedtler <zeha@debian.org>
Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

diff --git a/lib/chkname.c b/lib/chkname.c
index 98f7917062dd46c7a3ff349310720f597df52acb..bee2e6bd7a74ca3bf9aa7cad058a585e225780d3 100644 (file)
--- a/lib/chkname.c
+++ b/lib/chkname.c
@@ -2,7 +2,7 @@
 // SPDX-FileCopyrightText: 1996-2000, Marek Michałkiewicz
 // SPDX-FileCopyrightText: 2001-2005, Tomasz Kłoczko
 // SPDX-FileCopyrightText: 2005-2008, Nicolas François
-// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-FileCopyrightText: 2023-2025, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 
 
@@ -27,8 +27,6 @@
 #include <limits.h>
 #include <stdbool.h>
 #include <stddef.h>
-#include <stdint.h>
-#include <sys/param.h>
 #include <unistd.h>
 
 #include "defines.h"
@@ -36,6 +34,11 @@
 #include "string/strcmp/streq.h"
 
 
+#ifndef  LOGIN_NAME_MAX
+# define LOGIN_NAME_MAX  256
+#endif
+
+
 int allow_bad_names = false;
 
 
@@ -44,12 +47,11 @@ login_name_max_size(void)
 {
        long  conf;
 
-       errno = 0;
        conf = sysconf(_SC_LOGIN_NAME_MAX);
-       if (conf == -1 && errno != 0)
+       if (conf == -1)
                return LOGIN_NAME_MAX;
 
-       return MIN(conf, PTRDIFF_MAX);
+       return conf;
 }