From 69313c13ca5f5fd83d1c10d52b8033618d2c22d5 Mon Sep 17 00:00:00 2001 From: katagia Date: Mon, 24 Nov 2003 20:32:37 +0000 Subject: [PATCH] Removed possible buffer overrun in lamdaemon.pl Allow - in streetname and title --- lam/lib/account.inc | 2 +- lam/lib/lamdaemon.pl | 9 +++++++-- lam/templates/account/useredit.php | 8 ++++---- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/lam/lib/account.inc b/lam/lib/account.inc index 66056032..b5fdffcb 100644 --- a/lam/lib/account.inc +++ b/lam/lib/account.inc @@ -1443,7 +1443,7 @@ function createuser($values, $uselamdaemon=true) { } // Add User to Additional Groups - if ($values->general_groupadd[0]) + if (isset($values->general_groupadd[0])) // Loop for every group foreach ($values->general_groupadd as $group2) { // Search for group in LDAP diff --git a/lam/lib/lamdaemon.pl b/lam/lib/lamdaemon.pl index f3b414b6..559134c1 100755 --- a/lam/lib/lamdaemon.pl +++ b/lam/lib/lamdaemon.pl @@ -183,7 +183,6 @@ if ($( == 0 ) { # we are root last switch2; }; } - last switch; }; last switch; }; @@ -208,6 +207,12 @@ else { "UserKnownHostsFile /dev/null"], protocol => "2,1" ); $ssh->login($username[0], $password); - ($stdout, $stderr, $exit) = $ssh->cmd("sudo $remotepath $argv", $string); + # Change needed to prevent buffer overrun + @string2 = split ("\n", $string); + for ($i=0; $i<=$#string2; $i++) { + ($stdout2, $stderr, $exit) = $ssh->cmd("sudo $remotepath $argv", $string2[$i]); + $stdout .= $stdout2; + } + #($stdout, $stderr, $exit) = $ssh->cmd("sudo $remotepath $argv", $string); print $stdout; } diff --git a/lam/templates/account/useredit.php b/lam/templates/account/useredit.php index 1d4a0681..7b095d66 100644 --- a/lam/templates/account/useredit.php +++ b/lam/templates/account/useredit.php 
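Review bot: `isset($values->general_groupadd[0])` is true for an empty string or `'0'`, where the old truthiness test was false, so a blank first entry now enters the `foreach` and is looked up in LDAP. If the intent was only to silence the undefined-index notice, `if (!empty($values->general_groupadd[0]))` keeps the previous behaviour. The `if` still guards the loop without braces and with a comment line in between, which is easy to misread; wrapping the `foreach` in `{ }` would make the scope explicit. The loop body and the rest of `createuser()` lie outside the hunk.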
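Review bot: Inside the new `for` loop in lamdaemon.pl, `$stderr` and `$exit` are overwritten on every pass and never inspected, so a failed `sudo` call for an earlier line is lost while the remaining lines are still sent and the concatenated `$stdout` is printed as if everything succeeded. Checking the status per call, e.g. `if ($exit) { print STDERR $stderr; last; }`, would make a partial run visible to the caller. The loop also turns one remote invocation into one per input line, which is only equivalent if the remote script treats each line independently; the comment should say which buffer overflowed and why splitting avoids it. `$remotepath` and `$argv` are interpolated unquoted into the sudo command line and are assigned outside this hunk, so their origin should be confirmed as not user-controlled, or they should be quoted before the call. The enclosing `else` block starts above the hunk.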
@@ -495,9 +495,9 @@ switch ($_POST['select']) { if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $account_new->personal_mobileTelephoneNumber)) $errors[] = array('ERROR', _('Mobile number'), _('Please enter a valid mobile number!')); if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $account_new->personal_facsimileTelephoneNumber)) $errors[] = array('ERROR', _('Fax number'), _('Please enter a valid fax number!')); if ( !ereg('^(([0-9]|[A-Z]|[a-z]|[.]|[-]|[_])+[@]([0-9]|[A-Z]|[a-z]|[-])+([.]([0-9]|[A-Z]|[a-z]|[-])+)*)*$', $account_new->personal_mail)) $errors[] = array('ERROR', _('eMail address'), _('Please enter a valid eMail address!')); - if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $account_new->personal_street)) $errors[] = array('ERROR', _('Street'), _('Please enter a valid street name!')); + if ( !ereg('^([0-9]|[A-Z]|[a-z]|[-]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $account_new->personal_street)) $errors[] = array('ERROR', _('Street'), _('Please enter a valid street name!')); if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $account_new->personal_postalAddress)) $errors[] = array('ERROR', _('Postal address'), _('Please enter a valid postal address!')); - if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $account_new->personal_title)) $errors[] = array('ERROR', _('Title'), _('Please enter a valid title!')); + if ( !ereg('^([0-9]|[A-Z]|[a-z]|[-]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $account_new->personal_title)) $errors[] = array('ERROR', _('Title'), _('Please enter a valid title!')); if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $account_new->personal_employeeType)) $errors[] = array('ERROR', _('Employee type'), _('Please enter a valid employee type!')); if ( !ereg('^([0-9]|[A-Z]|[a-z])*$', $account_new->personal_postalCode)) $errors[] = array('ERROR', _('Postal code'), _('Please enter a valid postal code!')); break; 
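Review bot: The hyphen is added to the `personal_street` and `personal_title` patterns only, while the otherwise identical character class on `personal_postalAddress` and `personal_employeeType` in the same block still rejects it, so the four fields now validate inconsistently. Because the pattern is repeated verbatim, holding it once, e.g. `$textPattern = '^([0-9]|[A-Z]|[a-z]|[-]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$';`, and passing that to each check would keep the fields in step. `ereg()` is also not binary-safe, so these allowlists only see the value up to the first NUL byte before it is stored; moving the checks to `preg_match()` with an end-of-subject anchor (`\z`) would close that gap. The `switch` case these checks belong to starts above the hunk.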
@@ -745,8 +745,8 @@ echo ""; echo _("Create new Account"); echo "\n". "\n". - "\n". - "\n". +// "\n". +// "\n". "\n". "
\n". "\n";