fix CVE-2023-29383
Signed-off-by: yunjia_w <yunjia.wang@huawei.com>
This commit is contained in:
yunjia_w
parent
d693779ef4
commit
53a2fb25cc
45
backport-Added-control-character-check.patch
Normal file
45
backport-Added-control-character-check.patch
Normal file
@ -0,0 +1,45 @@
|
||||
From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 2001
|
||||
From: tomspiderlabs <128755403+tomspiderlabs@users.noreply.github.com>
|
||||
Date: Thu, 23 Mar 2023 23:39:38 +0000
|
||||
Subject: [PATCH] Added control character check
|
||||
|
||||
Added control character check, returning -1 (to "err") if control characters are present.
|
||||
---
|
||||
lib/fields.c | 11 +++++++----
|
||||
1 file changed, 7 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/lib/fields.c b/lib/fields.c
|
||||
index 640be931..fb51b582 100644
|
||||
--- a/lib/fields.c
|
||||
+++ b/lib/fields.c
|
||||
@@ -21,9 +21,9 @@
|
||||
*
|
||||
* The supplied field is scanned for non-printable and other illegal
|
||||
* characters.
|
||||
- * + -1 is returned if an illegal character is present.
|
||||
- * + 1 is returned if no illegal characters are present, but the field
|
||||
- * contains a non-printable character.
|
||||
+ * + -1 is returned if an illegal or control character is present.
|
||||
+ * + 1 is returned if no illegal or control characters are present,
|
||||
+ * but the field contains a non-printable character.
|
||||
* + 0 is returned otherwise.
|
||||
*/
|
||||
int valid_field (const char *field, const char *illegal)
|
||||
@@ -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal)
|
||||
}
|
||||
|
||||
if (0 == err) {
|
||||
- /* Search if there are some non-printable characters */
|
||||
+ /* Search if there are non-printable or control characters */
|
||||
for (cp = field; '\0' != *cp; cp++) {
|
||||
if (!isprint (*cp)) {
|
||||
err = 1;
|
||||
+ }
|
||||
+ if (!iscntrl (*cp)) {
|
||||
+ err = -1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
--
|
||||
2.27.0
|
||||
|
||||
61
backport-Overhaul-valid_field.patch
Normal file
61
backport-Overhaul-valid_field.patch
Normal file
@ -0,0 +1,61 @@
|
||||
From 2eaea70111f65b16d55998386e4ceb4273c19eb4 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
||||
Date: Fri, 31 Mar 2023 14:46:50 +0200
|
||||
Subject: [PATCH] Overhaul valid_field()
|
||||
|
||||
e5905c4b ("Added control character check") introduced checking for
|
||||
control characters but had the logic inverted, so it rejects all
|
||||
characters that are not control ones.
|
||||
|
||||
Cast the character to `unsigned char` before passing to the character
|
||||
checking functions to avoid UB.
|
||||
|
||||
Use strpbrk(3) for the illegal character test and return early.
|
||||
---
|
||||
lib/fields.c | 24 ++++++++++--------------
|
||||
1 file changed, 10 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/lib/fields.c b/lib/fields.c
|
||||
index fb51b582..53929248 100644
|
||||
--- a/lib/fields.c
|
||||
+++ b/lib/fields.c
|
||||
@@ -37,26 +37,22 @@ int valid_field (const char *field, const char *illegal)
|
||||
|
||||
/* For each character of field, search if it appears in the list
|
||||
* of illegal characters. */
|
||||
+ if (illegal && NULL != strpbrk (field, illegal)) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ /* Search if there are non-printable or control characters */
|
||||
for (cp = field; '\0' != *cp; cp++) {
|
||||
- if (strchr (illegal, *cp) != NULL) {
|
||||
+ unsigned char c = *cp;
|
||||
+ if (!isprint (c)) {
|
||||
+ err = 1;
|
||||
+ }
|
||||
+ if (iscntrl (c)) {
|
||||
err = -1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
- if (0 == err) {
|
||||
- /* Search if there are non-printable or control characters */
|
||||
- for (cp = field; '\0' != *cp; cp++) {
|
||||
- if (!isprint (*cp)) {
|
||||
- err = 1;
|
||||
- }
|
||||
- if (!iscntrl (*cp)) {
|
||||
- err = -1;
|
||||
- break;
|
||||
- }
|
||||
- }
|
||||
- }
|
||||
-
|
||||
return err;
|
||||
}
|
||||
|
||||
--
|
||||
2.27.0
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Name: shadow
|
||||
Version: 4.8.1
|
||||
Release: 5
|
||||
Release: 6
|
||||
Epoch: 2
|
||||
License: BSD and GPLv2+
|
||||
Summary: Tools for managing accounts and shadow password files
|
||||
@ -24,6 +24,8 @@ Patch7: shadow-4.1.5.1-var-lock.patch
|
||||
Patch8: shadow-utils-fix-lock-file-residue.patch
|
||||
Patch9: shadow-add-sm3-crypt-support.patch
|
||||
Patch10: groupdel-fix-SIGSEGV-when-passwd-does-not-exist.patch
|
||||
Patch11: backport-Added-control-character-check.patch
|
||||
Patch12: backport-Overhaul-valid_field.patch
|
||||
|
||||
BuildRequires: gcc, libselinux-devel, audit-libs-devel, libsemanage-devel
|
||||
BuildRequires: libacl-devel, libattr-devel gdb
|
||||
@ -170,6 +172,9 @@ done
|
||||
%{_mandir}/*/*
|
||||
|
||||
%changelog
|
||||
* Thu Apr 20 2023 wangyunjia <yunjia.wang@huawei.com> - 2:4.8.1-6
|
||||
- fix CVE-2023-29383
|
||||
|
||||
* Fri Jan 28 2022 panxiaohe<panxh.life@foxmail.com> - 2:4.8.1-5
|
||||
- groupdel: fix SIGSEGV when passwd does not exist
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user