From 9d37173b24345160a41a6a1f8be75a0ed87b2445 Mon Sep 17 00:00:00 2001 From: Serge Hallyn Date: Tue, 1 Jun 2021 22:11:37 -0500 Subject: [PATCH] usermod, newusers, prefix: enforce absolute paths for homedir useradd already was enforcing this, but these were not. Signed-off-by: Serge Hallyn --- libmisc/prefix_flag.c | 6 ++++++ src/newusers.c | 7 +++++++ src/usermod.c | 6 ++++++ 3 files changed, 19 insertions(+) diff --git a/libmisc/prefix_flag.c b/libmisc/prefix_flag.c index 6eb71a72..2e455c40 100644 --- a/libmisc/prefix_flag.c +++ b/libmisc/prefix_flag.c @@ -109,6 +109,12 @@ extern const char* process_prefix_flag (const char* short_opt, int argc, char ** return ""; /* if prefix is "/" then we ignore the flag option */ /* should we prevent symbolic link from being used as a prefix? */ + if ( prefix[0] != '/') { + fprintf (shadow_logfd, + _("%s: prefix must be an absolute path\n"), + Prog); + exit (E_BAD_ARG); + } size_t len; len = strlen(prefix) + strlen(PASSWD_FILE) + 2; passwd_db_file = xmalloc(len); diff --git a/src/newusers.c b/src/newusers.c index 90d0a015..16bf7229 100644 --- a/src/newusers.c +++ b/src/newusers.c @@ -1250,6 +1250,13 @@ int main (int argc, char **argv) /* FIXME: should check for directory */ mode_t mode = getdef_num ("HOME_MODE", 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); + if (newpw.pw_dir[0] != '/') { + fprintf(stderr, + _("%s: line %d: homedir must be an absolute path\n"), + Prog, line); + errors++; + continue; + }; if (mkdir (newpw.pw_dir, mode) != 0) { fprintf (stderr, _("%s: line %d: mkdir %s failed: %s\n"), diff --git a/src/usermod.c b/src/usermod.c index 69afeda0..7870ba57 100644 --- a/src/usermod.c +++ b/src/usermod.c @@ -1110,6 +1110,12 @@ static void process_flags (int argc, char **argv) } dflg = true; user_newhome = optarg; + if (user_newhome[0] != '/') { + fprintf (stderr, + _("%s: homedir must be an absolute path\n"), + Prog); + exit (E_BAD_ARG); + } break; case 'e': if ('\0' != *optarg) {