noffle: src/group.c comparison

[svn] see Changelog Dec 18 2001

comparison

equal deleted inserted replaced

-:c48d7e881a21
+:1ad2602f57db
 the groups we know of. One database record is cached in the global struct
 grp. Group information is transfered between the grp and the database by
 loadGrp() and saveGrp(). This is done transparently. Access to the groups
 database is done by group name, by the functions defined in group.h.
-$Id: group.c 316 2001-10-31 11:44:53Z bears $
+$Id: group.c 358 2001-12-18 15:27:08Z mirkol $
 */
 #if HAVE_CONFIG_H
 #include <config.h>
 #endif
 cursor = gdbm_nextkey( grp.dbf, cursor );
 free( oldDptr );
 *name = cursor.dptr;
 return ( cursor.dptr != NULL );
 }
+Bool
+Grp_isValidGroupName( const char *name)
+{
+const char *pname, *ppat;
+const char *illegalchars = "\t\n\r,";  /* Are there any other illegal characters? */
+/* Find directory prefixes to prevent exploits. */
+switch ( name[0] )
+{
+case '.':   /* prevent noffle -C ../fetchlist */
+case '/':   /* prevent noffle -C /etc/noffle.conf */
+case ':':
+case '\\':
+return FALSE; /* group name invalid */
+}
+/* Find illegal characters. */
+if ( strpbrk( name, illegalchars ) )
+return FALSE;
+/* Find "all", "all.*", "*.all" or "*.all.*"  */
+pname = name;
+while ( ppat = strstr( pname, "all" ) )
+{
+if ( ( ppat == name || *(ppat - 1) == '.'  )
+&& ( *(ppat+4) == '\0' || *(ppat+4) == '.' ) )
+return FALSE;
+else
+pname += 3;
+}
+/* Group name is hopefully valid. */
+return TRUE;
+}

Mercurial > noffle