Skip to content

Commit

Permalink
more regexp, etc fixes.
Browse files Browse the repository at this point in the history
  • Loading branch information
@icculus
icculus committed Aug 10, 2004
1 parent 834255a commit dfb38dc
Showing 1 changed file with 6 additions and 3 deletions.
9 changes: 6 additions & 3 deletions IcculusFinger_daemon.pl
View file
Expand Up @@ -906,13 +906,16 @@ sub verify_and_load_request {
$errormsg = "No user specified.";
} elsif ($user =~ /\@/) {
$errormsg = "Finger request forwarding is forbidden.";
} elsif ( (length($user) > 20) ||
($user =~ /[^A-Za-z0-9_]/) ||
($user !~ /\.\/[^\/]+/ && $files_allowed==1) ) {
} elsif (length($user) > 20) {
# The 20 char limit is just for safety against potential buffer overflows
# in finger servers, but it's more or less arbitrary.
$errormsg = "Bogus user specified.\n";
} elsif (($user =~ /[^A-Za-z0-9_]/) and ($files_allowed==0) ) {
# Anything other than A-Za-z0-9_ is probably not a username.
$errormsg = "Bogus user specified.\n";
} elsif (($user !~ /(\.\/)?[^\/]+/) and ($files_allowed==1) ) {
# If we're allowing files, then allow a "./" prefix but no other "/"s
$errormsg = "Bogus user or file specified.\n";
} else {
if (defined $fakeusers{$user}) {
$output_text = $fakeusers{$user}->();
Expand Down

0 comments on commit dfb38dc

Please sign in to comment.