Removed possible buffer overrun in lamdaemon.pl

Allow - in streetname and title
2003-11-24 20:32:37 +00:00 · 2003-11-24 20:32:37 +00:00 · 69313c13ca
parent 9af780b94e
commit 69313c13ca
3 changed files with 12 additions and 7 deletions
--- a/lam/lib/account.inc
+++ b/lam/lib/account.inc
@ -1443,7 +1443,7 @@ function createuser($values, $uselamdaemon=true) {
 		}
 	// Add User to Additional Groups
-	if ($values->general_groupadd[0])
+	if (isset($values->general_groupadd[0]))
 		// Loop for every group
 		foreach ($values->general_groupadd as $group2) {
 			// Search for group in LDAP
--- a/lam/lib/lamdaemon.pl
+++ b/lam/lib/lamdaemon.pl
@ -183,7 +183,6 @@ if ($( == 0 ) { # we are root
 							last switch2;
 							};
 						}
 						last switch;
 					};
 					last switch;
 				};
@ -208,6 +207,12 @@ else {
 		"UserKnownHostsFile /dev/null"],
 		protocol => "2,1" );
 	$ssh->login($username[0], $password);
-	($stdout, $stderr, $exit) = $ssh->cmd("sudo $remotepath $argv", $string);
+	# Change needed to prevent buffer overrun
 	@string2 = split ("\n", $string);
 	for ($i=0; $i<=$#string2; $i++) {
 		($stdout2, $stderr, $exit) = $ssh->cmd("sudo $remotepath $argv", $string2[$i]);
 		$stdout .= $stdout2;
 		}
 	#($stdout, $stderr, $exit) = $ssh->cmd("sudo $remotepath $argv", $string);
 	print $stdout;
 	}
--- a/lam/templates/account/useredit.php
+++ b/lam/templates/account/useredit.php
@ -495,9 +495,9 @@ switch ($_POST['select']) {
 		if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $account_new->personal_mobileTelephoneNumber))  $errors[] = array('ERROR', _('Mobile number'), _('Please enter a valid mobile number!'));
 		if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $account_new->personal_facsimileTelephoneNumber))  $errors[] = array('ERROR', _('Fax number'), _('Please enter a valid fax number!'));
 		if ( !ereg('^(([0-9]|[A-Z]|[a-z]|[.]|[-]|[_])+[@]([0-9]|[A-Z]|[a-z]|[-])+([.]([0-9]|[A-Z]|[a-z]|[-])+)*)*$', $account_new->personal_mail))  $errors[] = array('ERROR', _('eMail address'), _('Please enter a valid eMail address!'));
-		if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $account_new->personal_street))  $errors[] = array('ERROR', _('Street'), _('Please enter a valid street name!'));
+		if ( !ereg('^([0-9]|[A-Z]|[a-z]|[-]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $account_new->personal_street))  $errors[] = array('ERROR', _('Street'), _('Please enter a valid street name!'));
 		if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $account_new->personal_postalAddress))  $errors[] = array('ERROR', _('Postal address'), _('Please enter a valid postal address!'));
-		if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $account_new->personal_title))  $errors[] = array('ERROR', _('Title'), _('Please enter a valid title!'));
+		if ( !ereg('^([0-9]|[A-Z]|[a-z]|[-]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $account_new->personal_title))  $errors[] = array('ERROR', _('Title'), _('Please enter a valid title!'));
 		if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $account_new->personal_employeeType))  $errors[] = array('ERROR', _('Employee type'), _('Please enter a valid employee type!'));
 		if ( !ereg('^([0-9]|[A-Z]|[a-z])*$', $account_new->personal_postalCode))  $errors[] = array('ERROR', _('Postal code'), _('Please enter a valid postal code!'));
 		break;
@ -745,8 +745,8 @@ echo "<title>";
 echo _("Create new Account");
 echo "</title>\n".
 	"<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n".
-	"<meta http-equiv=\"pragma\" content=\"no-cache\">\n".
+//	"<meta http-equiv=\"pragma\" content=\"no-cache\">\n".
-	"<meta http-equiv=\"cache-control\" content=\"no-cache\">\n".
+//	"<meta http-equiv=\"cache-control\" content=\"no-cache\">\n".
 	"</head><body>\n".
 	"<form action=\"useredit.php\" method=\"post\">\n".
 	"<input name=\"varkey\" type=\"hidden\" value=\"".$varkey."\">\n";