author: Florian Weimer <fweimer@redhat.com> 2015-10-02 11:34:13 +0200
committer: Florian Weimer <fweimer@redhat.com> 2015-10-02 11:34:13 +0200
commit: 676599b36a92f3c201c5682ee7a5caddd9f370a4 (patch)
tree: 6860752c26ccab76ee9db5e60ff465d1edf25feb /ChangeLog
parent: b0f81637d5bda47be93bac34b68f429a12979321 (diff)
Harden putpwent, putgrent, putspent, putspent against injection [BZ #18724]
This prevents injection of ':' and '\n' into output functions which
use the NSS files database syntax.  Critical fields (user/group names
and file system paths) are checked strictly.  For backwards
compatibility, the GECOS field is rewritten instead.

The getent program is adjusted to use the put*ent functions in libc,
instead of local copies.  This changes the behavior of getent if user
names start with '-' or '+'.
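
An added sketch (not glibc's code and not part of this commit) of the split the message describes, applied to one passwd record: critical fields are rejected if they contain ':' or '\n', while GECOS is rewritten. The names field_ok, rewrite_field and passwd_line are hypothetical, and replacing forbidden characters with a space is this example's assumption.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
/* ':' ends a field and '\n' ends a record in the files database syntax. */
#define INVALID_FIELD_CHARS ":\n"

/* Hypothetical helper: strict check used for names, passwords and paths. */
static int field_ok(const char *v)
{
    return v == NULL || strpbrk(v, INVALID_FIELD_CHARS) == NULL;
}

/* Hypothetical helper: copy v to out; ':' and '\n' become ' ' (assumed). */
static void rewrite_field(const char *v, char *out, size_t outlen)
{
    size_t i = 0;
    for (; v != NULL && v[i] != '\0' && i + 1 < outlen; i++)
        out[i] = strchr(INVALID_FIELD_CHARS, v[i]) ? ' ' : v[i];
    out[i] = '\0';
}

/* Returns one passwd record in a static buffer (not thread-safe), or NULL if
   a strictly checked field is invalid (errno = EINVAL) or it does not fit. */
const char *passwd_line(const char *name, const char *passwd, unsigned uid,
                        unsigned gid, const char *gecos, const char *dir,
                        const char *shell)
{
    static char line[1024];
    char safe_gecos[256];
    if (name == NULL || !field_ok(name) || !field_ok(passwd)
        || !field_ok(dir) || !field_ok(shell)) {
        errno = EINVAL;
        return NULL;
    }
    rewrite_field(gecos, safe_gecos, sizeof safe_gecos);
    int n = snprintf(line, sizeof line, "%s:%s:%u:%u:%s:%s:%s\n", name,
                     passwd ? passwd : "", uid, gid, safe_gecos,
                     dir ? dir : "", shell ? shell : "");
    return (n < 0 || (size_t)n >= sizeof line) ? NULL : line;
}

int main(void)
{
    /* Constructed input: a GECOS value that tries to add a second record. */
    const char *l = passwd_line("eve", "x", 1000, 1000,
                                "Eve\nmallory:x:0:0::/:/bin/sh", "/home/eve", "/bin/sh");
    fputs(l ? l : "rejected\n", stdout);
    return 0;
}
```
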
Diffstat (limited to 'ChangeLog')
-rw-r--r-- ChangeLog 38
1 files changed, 38 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index d410e0feef..20953eebc9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,41 @@
+2015-10-02  Florian Weimer  <fweimer@redhat.com>
+
+	[BZ #18724]
+	* include/nss.h (NSS_INVALID_FIELD_CHARACTERS): Define.
+	(__nss_invalid_field_characters, __nss_valid_field)
+	(__nss_valid_list_field, __nss_rewrite_field): Declare.
+	* nss/valid_field.c, nss/valid_list_field, nss/rewrite_field.c,
+	tst-field.c: New file.
+	* nss/Makefile (routines): Add valid_field, rewrite_field.
+	(tests-static): Define unconditionally.
+	(tests): Include tests-static.
+	[build-static-nss] (tests-static): Use append.
+	[build-static-nss] (tests): Remove modification.
+	* nss/getent.c (print_group): Call putgrent.  Report error.
+	(print_gshadow): Call putsgent.  Report error.
+	(print_passwd): Call putpwent.  Report error.
+	(print_shadow): Call putspent.  Report error.
+	* include/pwd.h: Include <nss.h> instead of <nss/nss.h>.
+	* pwd/pwd.h (putpwent): Remove incorrect nonnull attribute.
+	* pwd/putpwent.c (putpwent): Use ISO function definition.  Check
+	name, password, directory, shell fields for valid syntax.  Rewrite
+	GECOS field to match syntax.
+	* pwd/Makefile (tests): Add tst-putpwent.
+	* pwd/tst-putpwent.c: New file.
+	* grp/putgrent.c (putgrent): Convert to ISO function definition.
+	Check grName, grpasswd, gr_mem fields for valid syntax.
+	Change loop variable i to size_t.
+	* grp/Makefile (tests): Add tst-putgrent.
+	* grp/tst-putgrent.c: New file.
+	* shadow/putspent.c (putspent): Check sp_namp, sp_pwdp fields for
+	valid syntax.
+	* shadow/Makefile (tests): Add tst-putspent.
+	* shadow/tst-putspent.c: New file.
+	* gshadow/putsgent.c (putsgent): Check sg_namp, sg_passwd, sg_adm,
+	sg_mem fields for valid syntax.
+	* gshadow/Makefile (tests): Add tst-putsgent.
+	* gshadow/tst-putsgent.c: New file.
+
 2015-10-01  Gabriel F. T. Gomes  <gftg@linux.vnet.ibm.com>
 
 	* sysdeps/powerpc/powerpc64/power8/strncpy.S: Added comments to some
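
Review bot: the new-file entry for nss is inconsistent: "nss/valid_list_field" lacks its ".c" suffix, "tst-field.c" lacks the "nss/" directory prefix, and four files are introduced with the singular "New file." (the other entries list one file each). The next line, "nss/Makefile (routines): Add valid_field, rewrite_field", does not mention valid_list_field, so either it is missing from routines or the entry should say where that file gets built. In the grp/putgrent.c entry, "grName, grpasswd" do not match the "gr_mem" spelling beside them; the struct group members are gr_name and gr_passwd, and the pwd/putpwent.c entry would likewise read better with the member names rather than "name, password, directory, shell", as the shadow and gshadow entries do. Minor wording point: "Use ISO function definition" (putpwent) and "Convert to ISO function definition" (putgrent) describe the same change and should use one phrasing. Also note the commit title lists putspent twice while this entry covers putsgent.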