From 428e4d38ce9f2e45425f1c5d5c231b8dd9187fc4 Mon Sep 17 00:00:00 2001 From: Alejandro Colomar Date: Sat, 28 Feb 2026 21:30:57 +0100 Subject: [PATCH 1/6] src/useradd.c: create_home(): Move the first copy to 'path' closer to its use Signed-off-by: Alejandro Colomar --- src/useradd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/useradd.c b/src/useradd.c index e6c80bd6f1..316b67d8fa 100644 --- a/src/useradd.c +++ b/src/useradd.c @@ -2226,7 +2226,6 @@ static void create_home(const struct option_flags *flags) if (access (prefix_user_home, F_OK) == 0) return; - strcpy(path, ""); bhome = strdup(prefix_user_home); if (!bhome) { fprintf(stderr, @@ -2250,6 +2249,7 @@ static void create_home(const struct option_flags *flags) exists. If not, create it with permissions 755 and owner root:root. */ + strcpy(path, ""); for (cp = strtok(bhome, "/"); cp != NULL; cp = strtok(NULL, "/")) { bool dir_created; From 781dcce6fdf7b479142c94049d714f54e1b475e3 Mon Sep 17 00:00:00 2001 From: Alejandro Colomar Date: Sat, 28 Feb 2026 21:37:26 +0100 Subject: [PATCH 2/6] src/useradd.c: create_home(): Handle first slash separately This removes the only use of 'bhome' within the loop other than in the strtok(3) calls. That was problematic, because it didn't allow changing this code to use strsep(3) --as strsep(3) wouldn't respect the first slash in the 'bhome' string as strtok(3) does--. Signed-off-by: Alejandro Colomar --- src/useradd.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/useradd.c b/src/useradd.c index 316b67d8fa..c30a6b3a20 100644 --- a/src/useradd.c +++ b/src/useradd.c @@ -71,6 +71,7 @@ #include "string/strcmp/strprefix.h" #include "string/strdup/strdup.h" #include "string/strerrno.h" +#include "string/strspn/stpspn.h" #include "string/strtok/stpsep.h" #include "sysconf.h" @@ -2250,11 +2251,12 @@ static void create_home(const struct option_flags *flags) owner root:root. */ strcpy(path, ""); + if (strspn(bhome, "/")) + strcat(path, "/"); for (cp = strtok(bhome, "/"); cp != NULL; cp = strtok(NULL, "/")) { bool dir_created; - /* Avoid turning a relative path into an absolute path. */ - if (strprefix(bhome, "/") || !streq(path, "")) + if (!streq(stpspn(path, "/"), "")) strcat(path, "/"); strcat(path, cp); From ca2a8c12316a818371992d111ced840f083c5462 Mon Sep 17 00:00:00 2001 From: Alejandro Colomar Date: Sat, 28 Feb 2026 21:46:49 +0100 Subject: [PATCH 3/6] src/useradd.c: Use strsep(3) instead of strtok(3) This removes the remaining uses of strtok(3). strsep(3) differs from strtok(3) in that it doesn't collapse adjacent delimiters, and thus it produces empty strings for adjacent delimiters (slashes). We must skip these to keep the strtok(3) behavior. It makes sense, as we don't want to have unnecessarily repeated slashes in a path. That's why we do if (streq(cp, "")) continue; Also, while strtok(3) holds internal state, strsep(3) doesn't, which means we hold the state externally. Thus, we need to add the new pointer 'p'. Signed-off-by: Alejandro Colomar --- src/useradd.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/useradd.c b/src/useradd.c index c30a6b3a20..a784f0b97f 100644 --- a/src/useradd.c +++ b/src/useradd.c @@ -2218,7 +2218,7 @@ usr_update (unsigned long subuid_count, unsigned long subgid_count, static void create_home(const struct option_flags *flags) { char path[strlen(prefix_user_home) + 2]; - char *bhome, *cp; + char *bhome, *cp, *p; mode_t mode; bool process_selinux; @@ -2253,9 +2253,13 @@ static void create_home(const struct option_flags *flags) strcpy(path, ""); if (strspn(bhome, "/")) strcat(path, "/"); - for (cp = strtok(bhome, "/"); cp != NULL; cp = strtok(NULL, "/")) { + p = bhome; + while (NULL != (cp = strsep(&p, "/"))) { bool dir_created; + if (streq(cp, "")) + continue; + if (!streq(stpspn(path, "/"), "")) strcat(path, "/"); From 8bf35048a43f20232884acf020d2609af03c58bf Mon Sep 17 00:00:00 2001 From: Alejandro Colomar Date: Sat, 28 Feb 2026 22:03:12 +0100 Subject: [PATCH 4/6] lib/, src/: Move lib/string/{strtok => strsep}/ We got rid of the last strtok(3) call, and don't want any references to it. It's dead. Signed-off-by: Alejandro Colomar --- lib/Makefile.am | 16 ++++++++-------- lib/commonio.c | 2 +- lib/console.c | 2 +- lib/fields.c | 2 +- lib/getdef.c | 2 +- lib/hushed.c | 2 +- lib/list.c | 2 +- lib/loginprompt.c | 2 +- lib/nss.c | 2 +- lib/port.c | 4 ++-- lib/setupenv.c | 2 +- lib/shadow/group/sgetgrent.c | 6 +++--- lib/shadow/gshadow/fgetsgent.c | 2 +- lib/shadow/gshadow/sgetsgent.c | 6 +++--- lib/shadow/passwd/sgetpwent.c | 4 ++-- lib/shadow/shadow/sgetspent.c | 4 ++-- lib/string/{strtok => strsep}/astrsep2ls.c | 2 +- lib/string/{strtok => strsep}/astrsep2ls.h | 6 +++--- lib/string/{strtok => strsep}/stpsep.c | 2 +- lib/string/{strtok => strsep}/stpsep.h | 6 ++---- lib/string/{strtok => strsep}/strsep2arr.c | 2 +- lib/string/{strtok => strsep}/strsep2arr.h | 4 ++-- lib/string/{strtok => strsep}/strsep2ls.c | 2 +- lib/string/{strtok => strsep}/strsep2ls.h | 6 +++--- lib/subordinateio.c | 2 +- lib/ttytype.c | 2 +- lib/tz.c | 2 +- src/chgpasswd.c | 2 +- src/chpasswd.c | 2 +- src/groupadd.c | 2 +- src/login_nopam.c | 2 +- src/newusers.c | 4 ++-- src/suauth.c | 2 +- src/useradd.c | 2 +- 34 files changed, 55 insertions(+), 57 deletions(-) rename lib/string/{strtok => strsep}/astrsep2ls.c (87%) rename lib/string/{strtok => strsep}/astrsep2ls.h (87%) rename lib/string/{strtok => strsep}/stpsep.c (84%) rename lib/string/{strtok => strsep}/stpsep.h (72%) rename lib/string/{strtok => strsep}/strsep2arr.c (88%) rename lib/string/{strtok => strsep}/strsep2arr.h (90%) rename lib/string/{strtok => strsep}/strsep2ls.c (88%) rename lib/string/{strtok => strsep}/strsep2ls.h (86%) diff --git a/lib/Makefile.am b/lib/Makefile.am index 28ec53ef6b..6ab7a9077e 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -253,14 +253,14 @@ libshadow_la_SOURCES = \ string/strspn/strrcspn.h \ string/strspn/strrspn.c \ string/strspn/strrspn.h \ - string/strtok/stpsep.c \ - string/strtok/stpsep.h \ - string/strtok/astrsep2ls.c \ - string/strtok/astrsep2ls.h \ - string/strtok/strsep2arr.c \ - string/strtok/strsep2arr.h \ - string/strtok/strsep2ls.c \ - string/strtok/strsep2ls.h \ + string/strsep/stpsep.c \ + string/strsep/stpsep.h \ + string/strsep/astrsep2ls.c \ + string/strsep/astrsep2ls.h \ + string/strsep/strsep2arr.c \ + string/strsep/strsep2arr.h \ + string/strsep/strsep2ls.c \ + string/strsep/strsep2ls.h \ strtoday.c \ sub.c \ subordinateio.h \ diff --git a/lib/commonio.c b/lib/commonio.c index b203883183..1fe12b4727 100644 --- a/lib/commonio.c +++ b/lib/commonio.c @@ -38,7 +38,7 @@ #include "string/strcmp/streq.h" #include "string/strcmp/strprefix.h" #include "string/strerrno.h" -#include "string/strtok/stpsep.h" +#include "string/strsep/stpsep.h" #undef NDEBUG #include diff --git a/lib/console.c b/lib/console.c index 9df3e2a49e..7037c55aeb 100644 --- a/lib/console.c +++ b/lib/console.c @@ -20,7 +20,7 @@ #include "string/strcmp/streq.h" #include "string/strcmp/strprefix.h" #include "string/strcpy/strtcpy.h" -#include "string/strtok/stpsep.h" +#include "string/strsep/stpsep.h" /* diff --git a/lib/fields.c b/lib/fields.c index 759dea755f..b4d8801f53 100644 --- a/lib/fields.c +++ b/lib/fields.c @@ -24,7 +24,7 @@ #include "string/strcmp/streq.h" #include "string/strspn/stpspn.h" #include "string/strspn/stprspn.h" -#include "string/strtok/stpsep.h" +#include "string/strsep/stpsep.h" /* diff --git a/lib/getdef.c b/lib/getdef.c index e85e0a4460..b95fcf6803 100644 --- a/lib/getdef.c +++ b/lib/getdef.c @@ -35,7 +35,7 @@ #include "string/strcmp/strprefix.h" #include "string/strspn/stpspn.h" #include "string/strspn/stprspn.h" -#include "string/strtok/stpsep.h" +#include "string/strsep/stpsep.h" /* diff --git a/lib/hushed.c b/lib/hushed.c index d88549a647..5d1d0a9830 100644 --- a/lib/hushed.c +++ b/lib/hushed.c @@ -24,7 +24,7 @@ #include "prototypes.h" #include "string/sprintf/stprintf.h" #include "string/strcmp/streq.h" -#include "string/strtok/stpsep.h" +#include "string/strsep/stpsep.h" /* diff --git a/lib/list.c b/lib/list.c index 8fa0e085ac..446dc089ab 100644 --- a/lib/list.c +++ b/lib/list.c @@ -14,7 +14,7 @@ #include "string/strchr/strchrcnt.h" #include "string/strcmp/streq.h" #include "string/strdup/strdup.h" -#include "string/strtok/strsep2ls.h" +#include "string/strsep/strsep2ls.h" #undef NDEBUG #include diff --git a/lib/loginprompt.c b/lib/loginprompt.c index 9eeae3ddb0..c438807219 100644 --- a/lib/loginprompt.c +++ b/lib/loginprompt.c @@ -21,7 +21,7 @@ #include "string/memset/memzero.h" #include "string/strcpy/strtcpy.h" #include "string/strspn/stpspn.h" -#include "string/strtok/stpsep.h" +#include "string/strsep/stpsep.h" static void diff --git a/lib/nss.c b/lib/nss.c index c487800e26..432399a646 100644 --- a/lib/nss.c +++ b/lib/nss.c @@ -18,7 +18,7 @@ #include "string/strcmp/streq.h" #include "string/strcmp/strprefix.h" #include "string/strspn/stpspn.h" -#include "string/strtok/stpsep.h" +#include "string/strsep/stpsep.h" #define NSSWITCH "/etc/nsswitch.conf" diff --git a/lib/port.c b/lib/port.c index 8cf6f39fb9..f546684453 100644 --- a/lib/port.c +++ b/lib/port.c @@ -22,8 +22,8 @@ #include "prototypes.h" #include "string/strcmp/streq.h" #include "string/strcmp/strprefix.h" -#include "string/strtok/stpsep.h" -#include "string/strtok/strsep2ls.h" +#include "string/strsep/stpsep.h" +#include "string/strsep/strsep2ls.h" static FILE *ports; diff --git a/lib/setupenv.c b/lib/setupenv.c index efa0f2d820..739ce5409b 100644 --- a/lib/setupenv.c +++ b/lib/setupenv.c @@ -30,7 +30,7 @@ #include "string/strcmp/strprefix.h" #include "string/strdup/strdup.h" #include "string/strspn/stpspn.h" -#include "string/strtok/stpsep.h" +#include "string/strsep/stpsep.h" #ifndef USE_PAM diff --git a/lib/shadow/group/sgetgrent.c b/lib/shadow/group/sgetgrent.c index 2a13091ef0..df44f349c9 100644 --- a/lib/shadow/group/sgetgrent.c +++ b/lib/shadow/group/sgetgrent.c @@ -21,9 +21,9 @@ #include "defines.h" #include "prototypes.h" #include "string/strcmp/streq.h" -#include "string/strtok/stpsep.h" -#include "string/strtok/strsep2arr.h" -#include "string/strtok/astrsep2ls.h" +#include "string/strsep/stpsep.h" +#include "string/strsep/strsep2arr.h" +#include "string/strsep/astrsep2ls.h" /* diff --git a/lib/shadow/gshadow/fgetsgent.c b/lib/shadow/gshadow/fgetsgent.c index 0af9c6015f..c388b246c4 100644 --- a/lib/shadow/gshadow/fgetsgent.c +++ b/lib/shadow/gshadow/fgetsgent.c @@ -20,7 +20,7 @@ #include "prototypes.h" #include "shadow/gshadow/sgetsgent.h" #include "shadow/gshadow/sgrp.h" -#include "string/strtok/stpsep.h" +#include "string/strsep/stpsep.h" /* diff --git a/lib/shadow/gshadow/sgetsgent.c b/lib/shadow/gshadow/sgetsgent.c index a239b45ad9..646b7c71c6 100644 --- a/lib/shadow/gshadow/sgetsgent.c +++ b/lib/shadow/gshadow/sgetsgent.c @@ -16,9 +16,9 @@ #include "shadow/gshadow/sgrp.h" #include "string/strcmp/streq.h" -#include "string/strtok/astrsep2ls.h" -#include "string/strtok/stpsep.h" -#include "string/strtok/strsep2arr.h" +#include "string/strsep/astrsep2ls.h" +#include "string/strsep/stpsep.h" +#include "string/strsep/strsep2arr.h" #if defined(SHADOWGRP) && !__has_include() diff --git a/lib/shadow/passwd/sgetpwent.c b/lib/shadow/passwd/sgetpwent.c index 531b4aac1a..a02e5a3156 100644 --- a/lib/shadow/passwd/sgetpwent.c +++ b/lib/shadow/passwd/sgetpwent.c @@ -20,8 +20,8 @@ #include "defines.h" #include "prototypes.h" #include "string/strcmp/streq.h" -#include "string/strtok/stpsep.h" -#include "string/strtok/strsep2arr.h" +#include "string/strsep/stpsep.h" +#include "string/strsep/strsep2arr.h" /* diff --git a/lib/shadow/shadow/sgetspent.c b/lib/shadow/shadow/sgetspent.c index 1c2fbe22b5..79c73293da 100644 --- a/lib/shadow/shadow/sgetspent.c +++ b/lib/shadow/shadow/sgetspent.c @@ -23,8 +23,8 @@ #include "prototypes.h" #include "sizeof.h" #include "string/strcmp/streq.h" -#include "string/strtok/stpsep.h" -#include "string/strtok/strsep2arr.h" +#include "string/strsep/stpsep.h" +#include "string/strsep/strsep2arr.h" #define FIELDS 9 diff --git a/lib/string/strtok/astrsep2ls.c b/lib/string/strsep/astrsep2ls.c similarity index 87% rename from lib/string/strtok/astrsep2ls.c rename to lib/string/strsep/astrsep2ls.c index 1778b719a3..71a9d5f6d4 100644 --- a/lib/string/strtok/astrsep2ls.c +++ b/lib/string/strsep/astrsep2ls.c @@ -4,7 +4,7 @@ #include "config.h" -#include "string/strtok/astrsep2ls.h" +#include "string/strsep/astrsep2ls.h" #include diff --git a/lib/string/strtok/astrsep2ls.h b/lib/string/strsep/astrsep2ls.h similarity index 87% rename from lib/string/strtok/astrsep2ls.h rename to lib/string/strsep/astrsep2ls.h index aa9283a119..ad18390396 100644 --- a/lib/string/strtok/astrsep2ls.h +++ b/lib/string/strsep/astrsep2ls.h @@ -2,8 +2,8 @@ // SPDX-License-Identifier: BSD-3-Clause -#ifndef SHADOW_INCLUDE_LIB_STRING_STRTOK_ASTRSEP2LS_H_ -#define SHADOW_INCLUDE_LIB_STRING_STRTOK_ASTRSEP2LS_H_ +#ifndef SHADOW_INCLUDE_LIB_STRING_STRSEP_ASTRSEP2LS_H_ +#define SHADOW_INCLUDE_LIB_STRING_STRSEP_ASTRSEP2LS_H_ #include "config.h" @@ -14,7 +14,7 @@ #include "attr.h" #include "exit_if_null.h" #include "string/strchr/strchrscnt.h" -#include "string/strtok/strsep2ls.h" +#include "string/strsep/strsep2ls.h" // xastrsep2ls - exit-on-error allocate string separate to list-of-strings diff --git a/lib/string/strtok/stpsep.c b/lib/string/strsep/stpsep.c similarity index 84% rename from lib/string/strtok/stpsep.c rename to lib/string/strsep/stpsep.c index a79257a388..9749994a5d 100644 --- a/lib/string/strtok/stpsep.c +++ b/lib/string/strsep/stpsep.c @@ -4,7 +4,7 @@ #include "config.h" -#include "string/strtok/stpsep.h" +#include "string/strsep/stpsep.h" extern inline char *stpsep(char *s, const char *delim); diff --git a/lib/string/strtok/stpsep.h b/lib/string/strsep/stpsep.h similarity index 72% rename from lib/string/strtok/stpsep.h rename to lib/string/strsep/stpsep.h index 132a4bc5c4..ac0cf3b18b 100644 --- a/lib/string/strtok/stpsep.h +++ b/lib/string/strsep/stpsep.h @@ -2,8 +2,8 @@ // SPDX-License-Identifier: BSD-3-Clause -#ifndef SHADOW_INCLUDE_LIB_STRING_STRTOK_STPSEP_H_ -#define SHADOW_INCLUDE_LIB_STRING_STRTOK_STPSEP_H_ +#ifndef SHADOW_INCLUDE_LIB_STRING_STRSEP_STPSEP_H_ +#define SHADOW_INCLUDE_LIB_STRING_STRSEP_STPSEP_H_ #include "config.h" @@ -20,8 +20,6 @@ inline char *stpsep(char *s, const char *delim); // string returns-pointer separate // Similar to strsep(3), // but return the next token, and don't update the input pointer. -// Similar to strtok(3), -// but don't store a state, and don't skip empty fields. inline char * stpsep(char *s, const char *delim) { diff --git a/lib/string/strtok/strsep2arr.c b/lib/string/strsep/strsep2arr.c similarity index 88% rename from lib/string/strtok/strsep2arr.c rename to lib/string/strsep/strsep2arr.c index fb0b9308bc..dadc5fcdf1 100644 --- a/lib/string/strtok/strsep2arr.c +++ b/lib/string/strsep/strsep2arr.c @@ -4,7 +4,7 @@ #include "config.h" -#include "string/strtok/strsep2arr.h" +#include "string/strsep/strsep2arr.h" #include #include diff --git a/lib/string/strtok/strsep2arr.h b/lib/string/strsep/strsep2arr.h similarity index 90% rename from lib/string/strtok/strsep2arr.h rename to lib/string/strsep/strsep2arr.h index f96ddfdd74..851c515a75 100644 --- a/lib/string/strtok/strsep2arr.h +++ b/lib/string/strsep/strsep2arr.h @@ -2,8 +2,8 @@ // SPDX-License-Identifier: BSD-3-Clause -#ifndef SHADOW_INCLUDE_LIB_STRING_STRTOK_STRSEP2ARR_H_ -#define SHADOW_INCLUDE_LIB_STRING_STRTOK_STRSEP2ARR_H_ +#ifndef SHADOW_INCLUDE_LIB_STRING_STRSEP_STRSEP2ARR_H_ +#define SHADOW_INCLUDE_LIB_STRING_STRSEP_STRSEP2ARR_H_ #include "config.h" diff --git a/lib/string/strtok/strsep2ls.c b/lib/string/strsep/strsep2ls.c similarity index 88% rename from lib/string/strtok/strsep2ls.c rename to lib/string/strsep/strsep2ls.c index 73f24f3819..a146f16b47 100644 --- a/lib/string/strtok/strsep2ls.c +++ b/lib/string/strsep/strsep2ls.c @@ -4,7 +4,7 @@ #include "config.h" -#include "string/strtok/strsep2ls.h" +#include "string/strsep/strsep2ls.h" #include #include diff --git a/lib/string/strtok/strsep2ls.h b/lib/string/strsep/strsep2ls.h similarity index 86% rename from lib/string/strtok/strsep2ls.h rename to lib/string/strsep/strsep2ls.h index a61e2ef975..5485931487 100644 --- a/lib/string/strtok/strsep2ls.h +++ b/lib/string/strsep/strsep2ls.h @@ -2,8 +2,8 @@ // SPDX-License-Identifier: BSD-3-Clause -#ifndef SHADOW_INCLUDE_LIB_STRING_STRTOK_STRSEP2LS_H_ -#define SHADOW_INCLUDE_LIB_STRING_STRTOK_STRSEP2LS_H_ +#ifndef SHADOW_INCLUDE_LIB_STRING_STRSEP_STRSEP2LS_H_ +#define SHADOW_INCLUDE_LIB_STRING_STRSEP_STRSEP2LS_H_ #include "config.h" @@ -14,7 +14,7 @@ #include "attr.h" #include "sizeof.h" -#include "string/strtok/strsep2arr.h" +#include "string/strsep/strsep2arr.h" // strsep2ls_a - string separate to list-of-strings array diff --git a/lib/subordinateio.c b/lib/subordinateio.c index 357ec54621..cf0c2384d3 100644 --- a/lib/subordinateio.c +++ b/lib/subordinateio.c @@ -27,7 +27,7 @@ #include "string/ctype/strisascii/strisdigit.h" #include "string/sprintf/stprintf.h" #include "string/strcmp/streq.h" -#include "string/strtok/strsep2arr.h" +#include "string/strsep/strsep2arr.h" #define ID_SIZE 31 diff --git a/lib/ttytype.c b/lib/ttytype.c index e2a9c98f7d..0baf36766a 100644 --- a/lib/ttytype.c +++ b/lib/ttytype.c @@ -21,7 +21,7 @@ #include "prototypes.h" #include "string/strcmp/streq.h" #include "string/strcmp/strprefix.h" -#include "string/strtok/stpsep.h" +#include "string/strsep/stpsep.h" /* diff --git a/lib/tz.c b/lib/tz.c index b2d9531e20..9bc7fafff9 100644 --- a/lib/tz.c +++ b/lib/tz.c @@ -21,7 +21,7 @@ #include "getdef.h" #include "io/fgets/fgets.h" #include "prototypes.h" -#include "string/strtok/stpsep.h" +#include "string/strsep/stpsep.h" /* diff --git a/src/chgpasswd.c b/src/chgpasswd.c index e77ecc6ac7..2af30f9c37 100644 --- a/src/chgpasswd.c +++ b/src/chgpasswd.c @@ -34,7 +34,7 @@ #include "shadowlog.h" #include "string/strcmp/streq.h" #include "string/strerrno.h" -#include "string/strtok/stpsep.h" +#include "string/strsep/stpsep.h" /* * Structures diff --git a/src/chpasswd.c b/src/chpasswd.c index fa0b19d15f..1a61bfb657 100644 --- a/src/chpasswd.c +++ b/src/chpasswd.c @@ -37,7 +37,7 @@ #include "shadowlog.h" #include "string/strcmp/streq.h" #include "string/strerrno.h" -#include "string/strtok/stpsep.h" +#include "string/strsep/stpsep.h" #define IS_CRYPT_METHOD(str) ((crypt_method != NULL && streq(crypt_method, str)) ? true : false) diff --git a/src/groupadd.c b/src/groupadd.c index 3c4ac8b13c..58261f6fd1 100644 --- a/src/groupadd.c +++ b/src/groupadd.c @@ -36,7 +36,7 @@ #include "string/memset/memzero.h" #include "string/strcmp/streq.h" #include "string/strerrno.h" -#include "string/strtok/stpsep.h" +#include "string/strsep/stpsep.h" /* diff --git a/src/login_nopam.c b/src/login_nopam.c index 3269e74f74..eede6e2569 100644 --- a/src/login_nopam.c +++ b/src/login_nopam.c @@ -65,7 +65,7 @@ #include "string/strcmp/streq.h" #include "string/strcmp/strprefix.h" #include "string/strspn/stprspn.h" -#include "string/strtok/stpsep.h" +#include "string/strsep/stpsep.h" /* Path name of the access control file. */ diff --git a/src/newusers.c b/src/newusers.c index 6bae4b3433..23a2c6ad55 100644 --- a/src/newusers.c +++ b/src/newusers.c @@ -56,8 +56,8 @@ #include "string/strcmp/streq.h" #include "string/strdup/strdup.h" #include "string/strerrno.h" -#include "string/strtok/stpsep.h" -#include "string/strtok/strsep2arr.h" +#include "string/strsep/stpsep.h" +#include "string/strsep/strsep2arr.h" struct option_flags { bool chroot; diff --git a/src/suauth.c b/src/suauth.c index 5d55484ce9..b3e911ffb7 100644 --- a/src/suauth.c +++ b/src/suauth.c @@ -24,7 +24,7 @@ #include "string/strcmp/strprefix.h" #include "string/strspn/stpspn.h" #include "string/strspn/stprspn.h" -#include "string/strtok/stpsep.h" +#include "string/strsep/stpsep.h" #ifndef SUAUTHFILE diff --git a/src/useradd.c b/src/useradd.c index a784f0b97f..ff3e4caae5 100644 --- a/src/useradd.c +++ b/src/useradd.c @@ -72,7 +72,7 @@ #include "string/strdup/strdup.h" #include "string/strerrno.h" #include "string/strspn/stpspn.h" -#include "string/strtok/stpsep.h" +#include "string/strsep/stpsep.h" #include "sysconf.h" #undef NDEBUG From 2897e9daf50c668f4945fbfbe23b5fdf574f0a6c Mon Sep 17 00:00:00 2001 From: Alejandro Colomar Date: Sat, 28 Feb 2026 22:05:42 +0100 Subject: [PATCH 5/6] lib/string/README: Add strtok(3) to the sanctions list Signed-off-by: Alejandro Colomar --- lib/string/README | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/string/README b/lib/string/README index d36388f694..5059500a55 100644 --- a/lib/string/README +++ b/lib/string/README @@ -60,6 +60,11 @@ Don't use some libc functions without Really Good Reasons: strlcat(3) is vulnerable to DoS. Also, it is difficult to check for truncation after strlcat(3). + strtok(3) + Use strsep(3) or stpsep() instead. + strtok(3) has internal state, which makes it very difficult to + understand. + Specific guidelines: ==================== From 1e95370b009c0d33425a7b4b7f790ddaec9887f5 Mon Sep 17 00:00:00 2001 From: Alejandro Colomar Date: Wed, 4 Mar 2026 16:41:40 +0100 Subject: [PATCH 6/6] lib/string/README: Add strtok_r(3) to the sanctions list It's not as bad as strtok(3), but strsep(3)/stpsep() are still better. Signed-off-by: Alejandro Colomar --- lib/string/README | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/string/README b/lib/string/README index 5059500a55..ccdea761be 100644 --- a/lib/string/README +++ b/lib/string/README @@ -65,6 +65,10 @@ Don't use some libc functions without Really Good Reasons: strtok(3) has internal state, which makes it very difficult to understand. + strtok_r(3) + Use strsep(3) or stpsep() instead. + strtok_r(3)'s behavior is difficult to understand. + Specific guidelines: ====================