From 9faf3b3596c973cb75da7a843e2df1292df0a537 Mon Sep 17 00:00:00 2001
From: Ophestra Umiker <cat@ophivana.moe>
Date: Tue, 19 Nov 2024 21:01:41 +0900
Subject: [PATCH] app: validate username

This value is used for passwd generation. Bad input can cause very confusing issues. This is not a security issue, however validation will improve user experience.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
---
 internal/app/seal.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/internal/app/seal.go b/internal/app/seal.go
index 5ad588d..d3c7a87 100644
--- a/internal/app/seal.go
+++ b/internal/app/seal.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"io/fs"
 	"path"
+	"regexp"
 	"strconv"
 
 	shim "git.ophivana.moe/security/fortify/cmd/fshim/ipc"
@@ -19,8 +20,11 @@ var (
 	ErrConfig = errors.New("no configuration to seal")
 	ErrUser   = errors.New("invalid aid")
 	ErrHome   = errors.New("invalid home directory")
+	ErrName   = errors.New("invalid username")
 )
 
+var posixUsername = regexp.MustCompilePOSIX("^[a-z_]([A-Za-z0-9_-]{0,31}|[A-Za-z0-9_-]{0,30}\\$)$")
+
 // appSeal seals the application with child-related information
 type appSeal struct {
 	// app unique ID string representation
@@ -106,6 +110,9 @@ func (a *app) Seal(config *Config) error {
 		}
 		if seal.sys.user.username == "" {
 			seal.sys.user.username = "chronos"
+		} else if !posixUsername.MatchString(seal.sys.user.username) {
+			return fmsg.WrapError(ErrName,
+				fmt.Sprintf("invalid user name %q", seal.sys.user.username))
 		}
 		if seal.sys.user.data == "" || !path.IsAbs(seal.sys.user.data) {
 			return fmsg.WrapError(ErrHome,