mirror of
https://git.yoctoproject.org/poky
synced 2026-06-02 13:29:49 +00:00
shadow: backport patch to fix CVE-2023-29383
The fix of CVE-2023-29383.patch contains a bug that it rejects all characters that are not control ones, so backup another patch named "0001-Overhaul-valid_field.patch" from upstream to fix it. (From OE-Core rev: b51e2c04daa4089f0aeabd9af197cc2f59f69a2b) Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Xiangyu Chen
committed by
Richard Purdie
Richard Purdie
parent
f73e712b6b
commit
bca7ec652f
@@ -0,0 +1,65 @@
|
|||||||
|
From 2eaea70111f65b16d55998386e4ceb4273c19eb4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
||||||
|
Date: Fri, 31 Mar 2023 14:46:50 +0200
|
||||||
|
Subject: [PATCH] Overhaul valid_field()
|
||||||
|
|
||||||
|
e5905c4b ("Added control character check") introduced checking for
|
||||||
|
control characters but had the logic inverted, so it rejects all
|
||||||
|
characters that are not control ones.
|
||||||
|
|
||||||
|
Cast the character to `unsigned char` before passing to the character
|
||||||
|
checking functions to avoid UB.
|
||||||
|
|
||||||
|
Use strpbrk(3) for the illegal character test and return early.
|
||||||
|
|
||||||
|
Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/2eaea70111f65b16d55998386e4ceb4273c19eb4]
|
||||||
|
|
||||||
|
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
|
||||||
|
---
|
||||||
|
lib/fields.c | 24 ++++++++++--------------
|
||||||
|
1 file changed, 10 insertions(+), 14 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/fields.c b/lib/fields.c
|
||||||
|
index fb51b582..53929248 100644
|
||||||
|
--- a/lib/fields.c
|
||||||
|
+++ b/lib/fields.c
|
||||||
|
@@ -37,26 +37,22 @@ int valid_field (const char *field, const char *illegal)
|
||||||
|
|
||||||
|
/* For each character of field, search if it appears in the list
|
||||||
|
* of illegal characters. */
|
||||||
|
+ if (illegal && NULL != strpbrk (field, illegal)) {
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* Search if there are non-printable or control characters */
|
||||||
|
for (cp = field; '\0' != *cp; cp++) {
|
||||||
|
- if (strchr (illegal, *cp) != NULL) {
|
||||||
|
+ unsigned char c = *cp;
|
||||||
|
+ if (!isprint (c)) {
|
||||||
|
+ err = 1;
|
||||||
|
+ }
|
||||||
|
+ if (iscntrl (c)) {
|
||||||
|
err = -1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (0 == err) {
|
||||||
|
- /* Search if there are non-printable or control characters */
|
||||||
|
- for (cp = field; '\0' != *cp; cp++) {
|
||||||
|
- if (!isprint (*cp)) {
|
||||||
|
- err = 1;
|
||||||
|
- }
|
||||||
|
- if (!iscntrl (*cp)) {
|
||||||
|
- err = -1;
|
||||||
|
- break;
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
||||||
@@ -0,0 +1,53 @@
|
|||||||
|
From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 2001
|
||||||
|
From: tomspiderlabs <128755403+tomspiderlabs@users.noreply.github.com>
|
||||||
|
Date: Thu, 23 Mar 2023 23:39:38 +0000
|
||||||
|
Subject: [PATCH] Added control character check
|
||||||
|
|
||||||
|
Added control character check, returning -1 (to "err") if control characters are present.
|
||||||
|
|
||||||
|
CVE: CVE-2023-29383
|
||||||
|
Upstream-Status: Backport
|
||||||
|
|
||||||
|
Reference to upstream:
|
||||||
|
https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d
|
||||||
|
|
||||||
|
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
|
||||||
|
---
|
||||||
|
lib/fields.c | 11 +++++++----
|
||||||
|
1 file changed, 7 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/fields.c b/lib/fields.c
|
||||||
|
index 640be931..fb51b582 100644
|
||||||
|
--- a/lib/fields.c
|
||||||
|
+++ b/lib/fields.c
|
||||||
|
@@ -21,9 +21,9 @@
|
||||||
|
*
|
||||||
|
* The supplied field is scanned for non-printable and other illegal
|
||||||
|
* characters.
|
||||||
|
- * + -1 is returned if an illegal character is present.
|
||||||
|
- * + 1 is returned if no illegal characters are present, but the field
|
||||||
|
- * contains a non-printable character.
|
||||||
|
+ * + -1 is returned if an illegal or control character is present.
|
||||||
|
+ * + 1 is returned if no illegal or control characters are present,
|
||||||
|
+ * but the field contains a non-printable character.
|
||||||
|
* + 0 is returned otherwise.
|
||||||
|
*/
|
||||||
|
int valid_field (const char *field, const char *illegal)
|
||||||
|
@@ -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal)
|
||||||
|
}
|
||||||
|
|
||||||
|
if (0 == err) {
|
||||||
|
- /* Search if there are some non-printable characters */
|
||||||
|
+ /* Search if there are non-printable or control characters */
|
||||||
|
for (cp = field; '\0' != *cp; cp++) {
|
||||||
|
if (!isprint (*cp)) {
|
||||||
|
err = 1;
|
||||||
|
+ }
|
||||||
|
+ if (!iscntrl (*cp)) {
|
||||||
|
+ err = -1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
||||||
@@ -15,6 +15,8 @@ SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.gz \
|
|||||||
${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
|
${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
|
||||||
file://useradd \
|
file://useradd \
|
||||||
file://0001-Fix-can-not-print-full-login.patch \
|
file://0001-Fix-can-not-print-full-login.patch \
|
||||||
|
file://CVE-2023-29383.patch \
|
||||||
|
file://0001-Overhaul-valid_field.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
SRC_URI:append:class-target = " \
|
SRC_URI:append:class-target = " \
|
||||||
|
|||||||
Reference in New Issue
Block a user