Sanitize username inputs in the database layer

[blerg.git] / common / auth.c

diff --git a/common/auth.c b/common/auth.c
index 1b6ecb6..cdfbf85 100644 (file)
--- a/common/auth.c
+++ b/common/auth.c
@@ -6,6 +6,7 @@
 #include <stdlib.h>
 #include "config.h"
 #include "auth.h"
+#include "util.h"
 
 #define TOKEN_SIZE 16
 
@@ -13,7 +14,7 @@ int auth_set_password(const char *username, const char *password) {
        char filename[512];
        int fd;
 
-       if (!blerg_exists(username))
+       if (!valid_name(username) || !blerg_exists(username))
                return 0;
 
        snprintf(filename, 512, "%s/%s/password", DATA_PATH, username);
@@ -29,6 +30,9 @@ int auth_get_password(const char *username, char *password) {
        int fd;
        int len = 0;
 
+       if (!valid_name(username))
+               return 0;
+
        sprintf(filename, "%s/%s/password", DATA_PATH, username);
        fd = open(filename, O_RDONLY);
        if (fd == -1)
@@ -107,6 +111,10 @@ int auth_login(const char *username, const char *password) {
 
 int auth_logout(const char *username) {
        char filename[512];
+
+       if (!valid_name(username))
+               return 0;
+
        sprintf(filename, "%s/%s/token", DATA_PATH, username);
        if (unlink(filename) == -1)
                return 0;
@@ -119,6 +127,9 @@ char *auth_get_token(const char *username) {
        char *token;
        int token_fd;
 
+       if (!valid_name(username))
+               return 0;
+
        sprintf(filename, "%s/%s/token", DATA_PATH, username);
        token_fd = open(filename, O_RDONLY, 0600);
        if (token_fd == -1) {