lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-07-29 13:01:13 +03:00
Code Activity

misc: Add function to check username syntax

Browse Source 
Malicious code can be injected using the username with metacharacters,
therefore the username must be validated before using it with any %u.

Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This commit is contained in:
Norbert Pocs
2023-12-27 20:32:18 +01:00
committed by Jakub Jelen
parent d7f7c952f2
commit ebcd6eee3c
3 changed files with 67 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
include/libssh/misc.h
View File

@ -123,6 +123,7 @@ ssize_t ssh_readn(int fd, void *buf, size_t nbytes);
ssize_t ssh_writen(int fd, const void *buf, size_t nbytes); ssize_t ssh_writen(int fd, const void *buf, size_t nbytes);
int ssh_check_hostname_syntax(const char *hostname); int ssh_check_hostname_syntax(const char *hostname);
int ssh_check_username_syntax(const char *username);
#ifdef __cplusplus #ifdef __cplusplus
} }

32
src/misc.c
View File

@ -2187,4 +2187,36 @@ int ssh_check_hostname_syntax(const char *hostname)
return SSH_OK; return SSH_OK;
} }
/**
* @brief Checks syntax of a username
*
* This check disallows metacharacters in the username
*
* @param username The username to be checked, has to be null terminated
*
* @return SSH_OK if the username passes syntax check
* SSH_ERROR otherwise or if username is NULL or empty string
*/
int ssh_check_username_syntax(const char *username)
{
size_t username_len;
if (username == NULL || *username == '-') {
return SSH_ERROR;
}
username_len = strlen(username);
if (username_len == 0 || username[username_len - 1] == '\\' ||
strpbrk(username, "'`\";&<>|(){}") != NULL) {
return SSH_ERROR;
}
for (size_t i = 0; i < username_len; i++) {
if (isspace(username[i]) != 0 && username[i + 1] == '-') {
return SSH_ERROR;
}
}
return SSH_OK;
}
/** @} */ /** @} */

34
tests/unittests/torture_misc.c
View File

@ -1058,6 +1058,39 @@ static void torture_ssh_check_hostname_syntax(void **state)
assert_int_equal(rc, SSH_ERROR); assert_int_equal(rc, SSH_ERROR);
} }
static void torture_ssh_check_username_syntax(void **state) {
int rc;
(void)state;
rc = ssh_check_username_syntax("username");
assert_int_equal(rc, SSH_OK);
rc = ssh_check_username_syntax("Alice");
assert_int_equal(rc, SSH_OK);
rc = ssh_check_username_syntax("Alice and Bob");
assert_int_equal(rc, SSH_OK);
rc = ssh_check_username_syntax("n4me?");
assert_int_equal(rc, SSH_OK);
rc = ssh_check_username_syntax("alice&bob");
assert_int_equal(rc, SSH_ERROR);
rc = ssh_check_username_syntax("backslash\\");
assert_int_equal(rc, SSH_ERROR);
rc = ssh_check_username_syntax("&var|()us\"<ha`r{}'");
assert_int_equal(rc, SSH_ERROR);
rc = ssh_check_username_syntax(" -");
assert_int_equal(rc, SSH_ERROR);
rc = ssh_check_username_syntax("me and -");
assert_int_equal(rc, SSH_ERROR);
rc = ssh_check_username_syntax("los -santos");
assert_int_equal(rc, SSH_ERROR);
rc = ssh_check_username_syntax("- who?");
assert_int_equal(rc, SSH_ERROR);
rc = ssh_check_username_syntax(NULL);
assert_int_equal(rc, SSH_ERROR);
rc = ssh_check_username_syntax("");
assert_int_equal(rc, SSH_ERROR);
}
static void torture_ssh_is_ipaddr(void **state) { static void torture_ssh_is_ipaddr(void **state) {
int rc; int rc;
char *interf = malloc(64); char *interf = malloc(64);
@ -1123,6 +1156,7 @@ int torture_run_tests(void) {
cmocka_unit_test(torture_ssh_readn), cmocka_unit_test(torture_ssh_readn),
cmocka_unit_test(torture_ssh_writen), cmocka_unit_test(torture_ssh_writen),
cmocka_unit_test(torture_ssh_check_hostname_syntax), cmocka_unit_test(torture_ssh_check_hostname_syntax),
cmocka_unit_test(torture_ssh_check_username_syntax),
cmocka_unit_test(torture_ssh_is_ipaddr), cmocka_unit_test(torture_ssh_is_ipaddr),
}; };