diff options
author | H. Peter Anvin <hpa@linux.intel.com> | 2011-10-18 22:07:40 -0700 |
---|---|---|
committer | H. Peter Anvin <hpa@linux.intel.com> | 2011-10-18 22:07:40 -0700 |
commit | 1ff7e85a36b255c54ea246b698bfb9023e3d2115 (patch) | |
tree | 63046b1715df584a7bf5f719a52b63c61adeb313 | |
parent | 6fc9335a0f57cebc2ad6044e3677427ba26c9399 (diff) | |
download | kup-1ff7e85a36b255c54ea246b698bfb9023e3d2115.tar.gz |
kup-server: protect against downright idiotic user/group names
If someone has really bizarre user or group names in the system,
make sure we encode them just like we do with everything else.
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
-rwxr-xr-x | kup-server | 2 |
1 files changed, 2 insertions, 0 deletions
@@ -1015,6 +1015,7 @@ sub get_usr($) } my $usr = getpwuid($uid) || sprintf("%u", $uid); + $usr = url_encode($usr); # If we have really strange names... $uid_hash{$uid} = $usr; return $usr; @@ -1030,6 +1031,7 @@ sub get_grp($) } my $grp = getgrgid($gid) || sprintf("%u", $gid); + $grp = url_encode($grp); # If we have really strange names... $gid_hash{$gid} = $grp; return $grp; |