Lines 158-164
check_tty(const char *tty)
|
158 |
tty = strrchr(tty, '/') + 1; |
158 |
tty = strrchr(tty, '/') + 1; |
159 |
} |
159 |
} |
160 |
/* Make sure the tty wasn't actually a directory (no basename). */ |
160 |
/* Make sure the tty wasn't actually a directory (no basename). */ |
161 |
if (strlen(tty) == 0) { |
161 |
if (!strlen(tty) || !strcmp(tty, ".") || !strcmp(tty, "..")) { |
162 |
return NULL; |
162 |
return NULL; |
163 |
} |
163 |
} |
164 |
return tty; |
164 |
return tty; |
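Review bot: The comment kept above the changed condition at new line 161 still describes only the empty-basename case, while the condition now also rejects `.` and `..`. I would reword it to something like `/* Reject an empty basename (tty was a directory) and "." / "..", which must not be used as a file name component. */`, presumably for the same reason the get_ruser hunk gives for ruser, so the purpose of the two extra comparisons is recorded next to them. As a style point, `!strlen(tty)` can be written `tty[0] == '\0'`, which states the intent without scanning the string. check_tty starts outside this hunk, so whether the `strrchr()` result at line 158 is always non-NULL cannot be confirmed from the lines shown.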
Lines 243-248
get_ruser(pam_handle_t *pamh, char *ruserbuf, size_t ruserbuflen)
|
243 |
if (pwd != NULL) { |
243 |
if (pwd != NULL) { |
244 |
ruser = pwd->pw_name; |
244 |
ruser = pwd->pw_name; |
245 |
} |
245 |
} |
|
|
246 |
} else { |
247 |
/* |
248 |
* This ruser is used by format_timestamp_name as a component |
249 |
* of constructed timestamp pathname, so ".", "..", and '/' |
250 |
* are disallowed to avoid potential path traversal issues. |
251 |
*/ |
252 |
if (!strcmp(ruser, ".") || |
253 |
!strcmp(ruser, "..") || |
254 |
strchr(ruser, '/')) { |
255 |
ruser = NULL; |
256 |
} |
246 |
} |
257 |
} |
247 |
if (ruser == NULL || strlen(ruser) >= ruserbuflen) { |
258 |
if (ruser == NULL || strlen(ruser) >= ruserbuflen) { |
248 |
*ruserbuf = '\0'; |
259 |
*ruserbuf = '\0'; |
249 |
- |
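Review bot: The new `.`/`..`/`/` test at new lines 252-256 sits only in the `else` branch, so a name assigned from `pwd->pw_name` at line 244 reaches the length check, and the pathname construction the comment mentions, without being filtered. That value presumably comes from the account database and is trusted, but running the test once after the if/else covers both sources at no cost: `if (ruser != NULL && (!strcmp(ruser, ".") || !strcmp(ruser, "..") || strchr(ruser, '/'))) { ruser = NULL; }`. The enclosing `if` begins outside the hunk, so the condition that guarantees `ruser` is non-NULL inside the `else` branch is not visible here and should be confirmed. The check_tty hunk carries a near-duplicate of this test without the `/` comparison; a small shared static helper would keep the two from drifting apart.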
|
|