From 901d3533ec3285b58960d0af0937c8e05692ebe0 Mon Sep 17 00:00:00 2001
From: Mattias Andrée <maandree@kth.se>
Date: Fri, 23 Jun 2023 10:40:22 +0200
Subject: Add argument checks to key2root-addkey and key2root-rmkey
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Mattias Andrée <maandree@kth.se>
---
 key2root-addkey.8 |  1 +
 key2root-addkey.c | 22 +++++++++++++++++++++-
 key2root-rmkey.c  | 21 +++++++++++++++++++++
 3 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/key2root-addkey.8 b/key2root-addkey.8
index 8f6eb7d..9faf335 100644
--- a/key2root-addkey.8
+++ b/key2root-addkey.8
@@ -42,6 +42,7 @@ be a user ID or a user name.
 .TP
 .I key-name
 The name the keyfile shall be given.
+May not include whitespace characters.
 .TP
 .I crypt-parameters
 crypt(3) parameters that the keyfile shall be hashed with.
diff --git a/key2root-addkey.c b/key2root-addkey.c
index 9dab78b..d5ec701 100644
--- a/key2root-addkey.c
+++ b/key2root-addkey.c
@@ -20,7 +20,11 @@ usage(void)
 int
 main(int argc, char *argv[])
 {
+	const char *user;
+	const char *keyname;
+	const char *parameters;
 	int allow_replace = 0;
+	int failed = 0;
 
 	ARGBEGIN {
 	case 'r':
@@ -33,10 +37,26 @@ main(int argc, char *argv[])
 	if (argc < 2 || argc > 3)
 		usage();
 
+	user = argv[0];
+	keyname = argv[1];
+	parameters = argv[2];
+
+	if (!user[0] || user[0] == '.' || strchr(user, '/') || strchr(user, '~')) {
+		fprintf(stderr, "%s: bad user name specified: %s\n", argv0, user);
+		failed = 1;
+	}
+	if (keyname[strcspn(keyname, " \t\f\n\r\v")]) {
+		fprintf(stderr, "%s: bad key name specified: %s, includes whitespace\n", argv0, keyname);
+		failed = 1;
+	}
 	if (isatty(STDIN_FILENO)) {
 		fprintf(stderr, "%s: standard input must not be a TTY.\n", argv0);
-		exit(1);
+		failed = 1;
 	}
+	if (failed)
+		return 1;
+
+	/* TODO */
 
 	return 0;
 }
diff --git a/key2root-rmkey.c b/key2root-rmkey.c
index 1050977..f2ab34d 100644
--- a/key2root-rmkey.c
+++ b/key2root-rmkey.c
@@ -19,6 +19,9 @@ usage(void)
 int
 main(int argc, char *argv[])
 {
+	const char *user;
+	int i, failed = 0;
+
 	ARGBEGIN {
 	default:
 		usage();
@@ -27,5 +30,23 @@ main(int argc, char *argv[])
 	if (argc < 2)
 		usage();
 
+	user = *argv++;
+	argc--;
+
+	if (!user[0] || user[0] == '.' || strchr(user, '/') || strchr(user, '~')) {
+		fprintf(stderr, "%s: bad user name specified: %s\n", argv0, user);
+		failed = 1;
+	}
+	for (i = 0; i < argc; i++) {
+		if (argv[i][strcspn(argv[i], " \t\f\n\r\v")]) {
+			fprintf(stderr, "%s: bad key name specified: %s, includes whitespace\n", argv0, argv[i]);
+			failed = 1;
+		}
+	}
+	if (failed)
+		return 1;
+
+	/* TODO */
+
 	return 0;
 }
-- 
cgit v1.2.3-70-g09d2