* lib/groupio.c, lib/sgroupio.c, lib/shadowio.c, lib/pwio.c: Check

entry validity before commits to databases.
	* libmisc/fields.c, libmisc/Makefile.am, lib/fields.c,
	lib/Makefile.am, po/POTFILES.in: fields.c moved from libmisc to
	lib.

ChangeLog

@@ -1,3 +1,11 @@
+2010-02-15  Nicolas François  <nicolas.francois@centraliens.net>
+
+	* lib/groupio.c, lib/sgroupio.c, lib/shadowio.c, lib/pwio.c: Check
+	entry validity before commits to databases.
+	* libmisc/fields.c, libmisc/Makefile.am, lib/fields.c,
+	lib/Makefile.am, po/POTFILES.in: fields.c moved from libmisc to
+	lib.
+
 2010-02-13  Nicolas François  <nicolas.francois@centraliens.net>
 
 	* NEWS, src/chfn.c, src/chsh.c: Fix CVE-2011-0721: forbid \n in

lib/Makefile.am

@@ -14,6 +14,7 @@ libshadow_la_SOURCES = \
 	encrypt.c \
 	exitcodes.h \
 	faillog.h \
+	fields.c \
 	fputsx.c \
 	getdef.c \
 	getdef.h \

lib/fields.c

@@ -54,6 +54,10 @@ int valid_field (const char *field, const char *illegal)
 	const char *cp;
 	int err = 0;
 
+	if (NULL == cp) {
+		return -1;
+	}
+
 	/* For each character of field, search if it appears in the list
 	 * of illegal characters. */
 	for (cp = field; '\0' != *cp; cp++) {

lib/groupio.c

@@ -80,6 +80,23 @@ static int group_put (const void *ent, FILE * file)
 {
 	const struct group *gr = ent;
 
+	if (   (NULL == gr)
+	    || (valid_field (gr->gr_name, ":\n") == -1)
+	    || (valid_field (gr->gr_passwd, ":\n") == -1)
+	    || (gr->gr_gid == (gid_t)-1)) {
+		return -1;
+	}
+
+	/* FIXME: fail also if gr->gr_mem == NULL ?*/
+	if (NULL != gr->gr_mem) {
+		size_t i;
+		for (i = 0; NULL != gr->gr_mem[i]; i++) {
+			if (valid_field (gr->gr_mem[i], ",:\n") == -1) {
+				return -1;
+			}
+		}
+	}
+
 	return (putgrent (gr, file) == -1) ? -1 : 0;
 }
 

lib/pwio.c

@@ -72,6 +72,17 @@ static int passwd_put (const void *ent, FILE * file)
 {
 	const struct passwd *pw = ent;
 
+	if (   (NULL == pw)
+	    || (valid_field (pw->pw_name, ":\n") == -1)
+	    || (valid_field (pw->pw_passwd, ":\n") == -1)
+	    || (pw->pw_uid == (uid_t)-1)
+	    || (pw->pw_gid == (gid_t)-1)
+	    || (valid_field (pw->pw_gecos, ":\n") == -1)
+	    || (valid_field (pw->pw_dir, ":\n") == -1)
+	    || (valid_field (pw->pw_shell, ":\n") == -1)) {
+		return -1;
+	}
+
 	return (putpwent (pw, file) == -1) ? -1 : 0;
 }
 

lib/sgroupio.c

@@ -169,6 +169,32 @@ static int gshadow_put (const void *ent, FILE * file)
 {
 	const struct sgrp *sg = ent;
 
+	if (   (NULL == sg)
+	    || (valid_field (sg->sg_name, ":\n") == -1)
+	    || (valid_field (sg->sg_passwd, ":\n") == -1)) {
+		return -1;
+	}
+
+	/* FIXME: fail also if sg->sg_adm == NULL ?*/
+	if (NULL != sg->sg_adm) {
+		size_t i;
+		for (i = 0; NULL != sg->sg_adm[i]; i++) {
+			if (valid_field (sg->sg_adm[i], ",:\n") == -1) {
+				return -1;
+			}
+		}
+	}
+
+	/* FIXME: fail also if sg->sg_mem == NULL ?*/
+	if (NULL != sg->sg_mem) {
+		size_t i;
+		for (i = 0; NULL != sg->sg_mem[i]; i++) {
+			if (valid_field (sg->sg_mem[i], ",:\n") == -1) {
+				return -1;
+			}
+		}
+	}
+
 	return (putsgent (sg, file) == -1) ? -1 : 0;
 }
 

lib/shadowio.c

@@ -76,6 +76,12 @@ static int shadow_put (const void *ent, FILE * file)
 {
 	const struct spwd *sp = ent;
 
+	if (   (NULL == sp)
+	    || (valid_field (sp->sp_namp, ":\n") == -1)
+	    || (valid_field (sp->sp_pwdp, ":\n") == -1)) {
+		return -1;
+	}
+
 	return (putspent (sp, file) == -1) ? -1 : 0;
 }
 

libmisc/Makefile.am

@@ -23,7 +23,6 @@ libmisc_a_SOURCES = \
 	env.c \
 	failure.c \
 	failure.h \
-	fields.c \
 	find_new_gid.c \
 	find_new_uid.c \
 	getdate.h \

libmisc/user_busy.c

@@ -43,7 +43,7 @@
 
 #ifdef __linux__
 static int check_status (const char *sname, uid_t uid);
-static int user_busy_processes (uid_t uid);
+static int user_busy_processes (const char *name, uid_t uid);
 #else				/* !__linux__ */
 static int user_busy_utmp (const char *name);
 #endif				/* !__linux__ */
@@ -58,7 +58,7 @@ int user_busy (const char *name, uid_t uid)
 	 */
 #ifdef __linux__
 	/* On Linux, directly parse /proc */
-	return user_busy_processes (uid);
+	return user_busy_processes (name, uid);
 #else				/* !__linux__ */
 	/* If we cannot rely on /proc, check is there is a record in utmp
 	 * indicating that the user is still logged in */
@@ -91,6 +91,9 @@ static int user_busy_utmp (const char *name)
 			continue;
 		}
 
+		fprintf (stderr,
+		         _("%s: user %s is currently logged in\n"),
+		         Prog, name);
 		return 1;
 	}
 
@@ -137,7 +140,7 @@ static int check_status (const char *sname, uid_t uid)
 	return 0;
 }
 
-static int user_busy_processes (uid_t uid)
+static int user_busy_processes (const char *name, uid_t uid)
 {
 	DIR *proc;
 	struct dirent *ent;
@@ -195,6 +198,9 @@ static int user_busy_processes (uid_t uid)
 
 		if (check_status (tmp_d_name, uid) != 0) {
 			(void) closedir (proc);
+			fprintf (stderr,
+			         _("%s: user %s is currently used by process %d\n"),
+			         Prog, name, pid);
 			return 1;
 		}
 
@@ -212,6 +218,9 @@ static int user_busy_processes (uid_t uid)
 				}
 				if (check_status (task_path+6, uid) != 0) {
 					(void) closedir (proc);
+					fprintf (stderr,
+					         _("%s: user %s is currently used by process %d\n"),
+					         Prog, name, pid);
 					return 1;
 				}
 			}

po/POTFILES.in

@@ -2,6 +2,7 @@
 
 lib/commonio.c
 lib/encrypt.c
+lib/fields.c
 lib/fputsx.c
 lib/getdef.c
 lib/get_gid.c
@@ -40,7 +41,6 @@ libmisc/copydir.c
 libmisc/entry.c
 libmisc/env.c
 libmisc/failure.c
-libmisc/fields.c
 libmisc/find_new_gid.c
 libmisc/find_new_uid.c
 libmisc/getgr_nam_gid.c