app: check username length against LOGIN_NAME_MAX

This limit is arbitrary, but it's good to enforce it anyway.

Signed-off-by: Ophestra <cat@gensokyo.uk>

internal/app/seal.go

@@ -15,6 +15,7 @@ import (
 	"git.gensokyo.uk/security/fortify/dbus"
 	"git.gensokyo.uk/security/fortify/fst"
 	"git.gensokyo.uk/security/fortify/helper/bwrap"
+	"git.gensokyo.uk/security/fortify/internal"
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
 	"git.gensokyo.uk/security/fortify/internal/linux"
 	"git.gensokyo.uk/security/fortify/internal/state"
@@ -133,7 +134,8 @@ func (a *app) Seal(config *fst.Config) error {
 	}
 	if seal.sys.user.username == "" {
 		seal.sys.user.username = "chronos"
-	} else if !posixUsername.MatchString(seal.sys.user.username) {
+	} else if !posixUsername.MatchString(seal.sys.user.username) ||
+		len(seal.sys.user.username) >= internal.Sysconf_SC_LOGIN_NAME_MAX() {
 		return fmsg.WrapError(ErrName,
 			fmt.Sprintf("invalid user name %q", seal.sys.user.username))
 	}

internal/sysconf.go

@@ -0,0 +1,6 @@
+package internal
+
+//#include <unistd.h>
+import "C"
+
+func Sysconf_SC_LOGIN_NAME_MAX() int { return int(C.sysconf(C._SC_LOGIN_NAME_MAX)) }