emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

* NEWS, src/chfn.c, src/chsh.c: Fix CVE-2011-0721: forbid \n in

Browse Source 
gecos or shell.
This commit is contained in:
nekral-guest 2011-02-16 00:18:45 +00:00
parent 7de49dec7b
commit 0419fc4f5f
4 changed files with 18 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@ -1,3 +1,8 @@
2010-02-13 Nicolas François <nicolas.francois@centraliens.net>
* NEWS, src/chfn.c, src/chsh.c: Fix CVE-2011-0721: forbid \n in
gecos or shell.
2011-02-12 Nicolas François <nicolas.francois@centraliens.net> 2011-02-12 Nicolas François <nicolas.francois@centraliens.net>
* autogen.sh: Restore original autoreconf (see 2010-08-29's change * autogen.sh: Restore original autoreconf (see 2010-08-29's change

8
NEWS
View File

@ -1,6 +1,6 @@
$Id$ $Id$
shadow-4.1.4.2 -> shadow-4.1.5 UNRELEASED shadow-4.1.4.3 -> shadow-4.1.5 UNRELEASED
- general - general
* report usage error to stderr, but report usage help to stdout (and return * report usage error to stderr, but report usage help to stdout (and return
@ -48,6 +48,12 @@ shadow-4.1.4.2 -> shadow-4.1.5 UNRELEASED
* Updated Vietnamese translation. * Updated Vietnamese translation.
* Updated Kazakh translation. * Updated Kazakh translation.
shadow-4.1.4.2 -> shadow-4.1.4.3 2011-02-15
*** security:
- CVE-2011-0721: An insufficient input sanitation in chfn can be exploited
to create users or groups in a NIS environment.
shadow-4.1.4.1 -> shadow-4.1.4.2 2009-07-24 shadow-4.1.4.1 -> shadow-4.1.4.2 2009-07-24
- general - general

10
src/chfn.c
View File

@ -551,14 +551,14 @@ static void get_old_fields (const char *gecos)
static void check_fields (void) static void check_fields (void)
{ {
int err; int err;
err = valid_field (fullnm, ":,="); err = valid_field (fullnm, ":,=\n");
if (err > 0) { if (err > 0) {
fprintf (stderr, _("%s: name with non-ASCII characters: '%s'\n"), Prog, fullnm); fprintf (stderr, _("%s: name with non-ASCII characters: '%s'\n"), Prog, fullnm);
} else if (err < 0) { } else if (err < 0) {
fprintf (stderr, _("%s: invalid name: '%s'\n"), Prog, fullnm); fprintf (stderr, _("%s: invalid name: '%s'\n"), Prog, fullnm);
fail_exit (E_NOPERM); fail_exit (E_NOPERM);
} }
err = valid_field (roomno, ":,="); err = valid_field (roomno, ":,=\n");
if (err > 0) { if (err > 0) {
fprintf (stderr, _("%s: room number with non-ASCII characters: '%s'\n"), Prog, roomno); fprintf (stderr, _("%s: room number with non-ASCII characters: '%s'\n"), Prog, roomno);
} else if (err < 0) { } else if (err < 0) {
@ -566,17 +566,17 @@ static void check_fields (void)
Prog, roomno); Prog, roomno);
fail_exit (E_NOPERM); fail_exit (E_NOPERM);
} }
if (valid_field (workph, ":,=") != 0) { if (valid_field (workph, ":,=\n") != 0) {
fprintf (stderr, _("%s: invalid work phone: '%s'\n"), fprintf (stderr, _("%s: invalid work phone: '%s'\n"),
Prog, workph); Prog, workph);
fail_exit (E_NOPERM); fail_exit (E_NOPERM);
} }
if (valid_field (homeph, ":,=") != 0) { if (valid_field (homeph, ":,=\n") != 0) {
fprintf (stderr, _("%s: invalid home phone: '%s'\n"), fprintf (stderr, _("%s: invalid home phone: '%s'\n"),
Prog, homeph); Prog, homeph);
fail_exit (E_NOPERM); fail_exit (E_NOPERM);
} }
err = valid_field (slop, ":"); err = valid_field (slop, ":\n");
if (err > 0) { if (err > 0) {
fprintf (stderr, _("%s: '%s' contains non-ASCII characters\n"), Prog, slop); fprintf (stderr, _("%s: '%s' contains non-ASCII characters\n"), Prog, slop);
} else if (err < 0) { } else if (err < 0) {

2
src/chsh.c
View File

@ -528,7 +528,7 @@ int main (int argc, char **argv)
* users are restricted to using the shells in /etc/shells. * users are restricted to using the shells in /etc/shells.
* The shell must be executable by the user. * The shell must be executable by the user.
*/ */
if (valid_field (loginsh, ":,=") != 0) { if (valid_field (loginsh, ":,=\n") != 0) {
fprintf (stderr, _("%s: Invalid entry: %s\n"), Prog, loginsh); fprintf (stderr, _("%s: Invalid entry: %s\n"), Prog, loginsh);
fail_exit (1); fail_exit (1);
} }