diff options
author | Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com> | 2021-05-11 13:37:46 +0300 |
---|---|---|
committer | Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com> | 2021-05-20 19:11:09 +0300 |
commit | ebf1d1e6045b066431c78a44e250e051ac0361ed (patch) | |
tree | 38c420f2ce7deace4405426b60078a7527f7b43c /src/utils.hpp | |
parent | 0315081e9ea897772f3db6946364a2018a27d649 (diff) | |
download | virtual-media-ebf1d1e6045b066431c78a44e250e051ac0361ed.tar.xz |
Validate user name for CIFS
Providing comma (,) in username can lead to inject some unappropriate
mount options. In opposite to password, username is not escaped by
kernel driver so we have to disallow such entries.
Tested:
Manually mounting CIFS share with comma
Change-Id: I20ff5089d04f07d7e6aa3190fe83babdd7acfe96
Signed-off-by: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>
Diffstat (limited to 'src/utils.hpp')
-rw-r--r-- | src/utils.hpp | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/src/utils.hpp b/src/utils.hpp index ebbdaf6..fd2e320 100644 --- a/src/utils.hpp +++ b/src/utils.hpp @@ -1,13 +1,13 @@ #pragma once +#include <algorithm> #include <boost/process/async_pipe.hpp> #include <boost/type_traits/has_dereference.hpp> -#include <cstring> #include <filesystem> -#include <fstream> #include <memory> #include <sdbusplus/asio/object_server.hpp> #include <string> +#include <vector> namespace fs = std::filesystem; @@ -50,7 +50,6 @@ class Credentials { if (!commasEscaped) { - escapeComma(userBuf); escapeComma(passBuf); commasEscaped = true; } |