[Pkg-shadow-commits] r3296 - in upstream/trunk: . lib libmisc po
Nicolas FRANÇOIS
nekral-guest at alioth.debian.org
Wed Feb 16 20:32:17 UTC 2011
Author: nekral-guest
Date: 2011-02-16 20:32:16 +0000 (Wed, 16 Feb 2011)
New Revision: 3296
Added:
upstream/trunk/lib/fields.c
Removed:
upstream/trunk/libmisc/fields.c
Modified:
upstream/trunk/ChangeLog
upstream/trunk/lib/Makefile.am
upstream/trunk/lib/groupio.c
upstream/trunk/lib/pwio.c
upstream/trunk/lib/sgroupio.c
upstream/trunk/lib/shadowio.c
upstream/trunk/libmisc/Makefile.am
upstream/trunk/libmisc/user_busy.c
upstream/trunk/po/POTFILES.in
Log:
* lib/groupio.c, lib/sgroupio.c, lib/shadowio.c, lib/pwio.c: Check
entry validity before commits to databases.
* libmisc/fields.c, libmisc/Makefile.am, lib/fields.c,
lib/Makefile.am, po/POTFILES.in: fields.c moved from libmisc to
lib.
Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog 2011-02-16 20:27:25 UTC (rev 3295)
+++ upstream/trunk/ChangeLog 2011-02-16 20:32:16 UTC (rev 3296)
@@ -1,3 +1,11 @@
+2010-02-15 Nicolas François <nicolas.francois at centraliens.net>
+
+ * lib/groupio.c, lib/sgroupio.c, lib/shadowio.c, lib/pwio.c: Check
+ entry validity before commits to databases.
+ * libmisc/fields.c, libmisc/Makefile.am, lib/fields.c,
+ lib/Makefile.am, po/POTFILES.in: fields.c moved from libmisc to
+ lib.
+
2010-02-13 Nicolas François <nicolas.francois at centraliens.net>
* NEWS, src/chfn.c, src/chsh.c: Fix CVE-2011-0721: forbid \n in
Modified: upstream/trunk/lib/Makefile.am
===================================================================
--- upstream/trunk/lib/Makefile.am 2011-02-16 20:27:25 UTC (rev 3295)
+++ upstream/trunk/lib/Makefile.am 2011-02-16 20:32:16 UTC (rev 3296)
@@ -14,6 +14,7 @@
encrypt.c \
exitcodes.h \
faillog.h \
+ fields.c \
fputsx.c \
getdef.c \
getdef.h \
Copied: upstream/trunk/lib/fields.c (from rev 3289, upstream/trunk/libmisc/fields.c)
===================================================================
--- upstream/trunk/lib/fields.c (rev 0)
+++ upstream/trunk/lib/fields.c 2011-02-16 20:32:16 UTC (rev 3296)
@@ -0,0 +1,130 @@
+/*
+ * Copyright (c) 1990 , Julianne Frances Haugh
+ * Copyright (c) 1996 - 1997, Marek Michałkiewicz
+ * Copyright (c) 2003 - 2005, Tomasz Kłoczko
+ * Copyright (c) 2007 , Nicolas François
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the copyright holders or contributors may not be used to
+ * endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+#ident "$Id$"
+
+#include <ctype.h>
+#include <string.h>
+#include <stdio.h>
+#include "prototypes.h"
+
+/*
+ * valid_field - insure that a field contains all legal characters
+ *
+ * The supplied field is scanned for non-printable and other illegal
+ * characters.
+ * + -1 is returned if an illegal character is present.
+ * + 1 is returned if no illegal characters are present, but the field
+ * contains a non-printable character.
+ * + 0 is returned otherwise.
+ */
+int valid_field (const char *field, const char *illegal)
+{
+ const char *cp;
+ int err = 0;
+
+ if (NULL == cp) {
+ return -1;
+ }
+
+ /* For each character of field, search if it appears in the list
+ * of illegal characters. */
+ for (cp = field; '\0' != *cp; cp++) {
+ if (strchr (illegal, *cp) != NULL) {
+ err = -1;
+ break;
+ }
+ }
+
+ if (0 == err) {
+ /* Search if there are some non-printable characters */
+ for (cp = field; '\0' != *cp; cp++) {
+ if (!isprint (*cp)) {
+ err = 1;
+ break;
+ }
+ }
+ }
+
+ return err;
+}
+
+/*
+ * change_field - change a single field if a new value is given.
+ *
+ * prompt the user with the name of the field being changed and the
+ * current value.
+ */
+void change_field (char *buf, size_t maxsize, const char *prompt)
+{
+ char newf[200];
+ char *cp;
+
+ if (maxsize > sizeof (newf)) {
+ maxsize = sizeof (newf);
+ }
+
+ printf ("\t%s [%s]: ", prompt, buf);
+ (void) fflush (stdout);
+ if (fgets (newf, (int) maxsize, stdin) != newf) {
+ return;
+ }
+
+ cp = strchr (newf, '\n');
+ if (NULL == cp) {
+ return;
+ }
+ *cp = '\0';
+
+ if ('\0' != newf[0]) {
+ /*
+ * Remove leading and trailing whitespace. This also
+ * makes it possible to change the field to empty, by
+ * entering a space. --marekm
+ */
+
+ while (--cp >= newf && isspace (*cp));
+ cp++;
+ *cp = '\0';
+
+ cp = newf;
+ while (('\0' != *cp) && isspace (*cp)) {
+ cp++;
+ }
+
+ strncpy (buf, cp, maxsize - 1);
+ buf[maxsize - 1] = '\0';
+ }
+}
+
Modified: upstream/trunk/lib/groupio.c
===================================================================
--- upstream/trunk/lib/groupio.c 2011-02-16 20:27:25 UTC (rev 3295)
+++ upstream/trunk/lib/groupio.c 2011-02-16 20:32:16 UTC (rev 3296)
@@ -80,6 +80,23 @@
{
const struct group *gr = ent;
+ if ( (NULL == gr)
+ || (valid_field (gr->gr_name, ":\n") == -1)
+ || (valid_field (gr->gr_passwd, ":\n") == -1)
+ || (gr->gr_gid == (gid_t)-1)) {
+ return -1;
+ }
+
+ /* FIXME: fail also if gr->gr_mem == NULL ?*/
+ if (NULL != gr->gr_mem) {
+ size_t i;
+ for (i = 0; NULL != gr->gr_mem[i]; i++) {
+ if (valid_field (gr->gr_mem[i], ",:\n") == -1) {
+ return -1;
+ }
+ }
+ }
+
return (putgrent (gr, file) == -1) ? -1 : 0;
}
Modified: upstream/trunk/lib/pwio.c
===================================================================
--- upstream/trunk/lib/pwio.c 2011-02-16 20:27:25 UTC (rev 3295)
+++ upstream/trunk/lib/pwio.c 2011-02-16 20:32:16 UTC (rev 3296)
@@ -72,6 +72,17 @@
{
const struct passwd *pw = ent;
+ if ( (NULL == pw)
+ || (valid_field (pw->pw_name, ":\n") == -1)
+ || (valid_field (pw->pw_passwd, ":\n") == -1)
+ || (pw->pw_uid == (uid_t)-1)
+ || (pw->pw_gid == (gid_t)-1)
+ || (valid_field (pw->pw_gecos, ":\n") == -1)
+ || (valid_field (pw->pw_dir, ":\n") == -1)
+ || (valid_field (pw->pw_shell, ":\n") == -1)) {
+ return -1;
+ }
+
return (putpwent (pw, file) == -1) ? -1 : 0;
}
Modified: upstream/trunk/lib/sgroupio.c
===================================================================
--- upstream/trunk/lib/sgroupio.c 2011-02-16 20:27:25 UTC (rev 3295)
+++ upstream/trunk/lib/sgroupio.c 2011-02-16 20:32:16 UTC (rev 3296)
@@ -169,6 +169,32 @@
{
const struct sgrp *sg = ent;
+ if ( (NULL == sg)
+ || (valid_field (sg->sg_name, ":\n") == -1)
+ || (valid_field (sg->sg_passwd, ":\n") == -1)) {
+ return -1;
+ }
+
+ /* FIXME: fail also if sg->sg_adm == NULL ?*/
+ if (NULL != sg->sg_adm) {
+ size_t i;
+ for (i = 0; NULL != sg->sg_adm[i]; i++) {
+ if (valid_field (sg->sg_adm[i], ",:\n") == -1) {
+ return -1;
+ }
+ }
+ }
+
+ /* FIXME: fail also if sg->sg_mem == NULL ?*/
+ if (NULL != sg->sg_mem) {
+ size_t i;
+ for (i = 0; NULL != sg->sg_mem[i]; i++) {
+ if (valid_field (sg->sg_mem[i], ",:\n") == -1) {
+ return -1;
+ }
+ }
+ }
+
return (putsgent (sg, file) == -1) ? -1 : 0;
}
Modified: upstream/trunk/lib/shadowio.c
===================================================================
--- upstream/trunk/lib/shadowio.c 2011-02-16 20:27:25 UTC (rev 3295)
+++ upstream/trunk/lib/shadowio.c 2011-02-16 20:32:16 UTC (rev 3296)
@@ -76,6 +76,12 @@
{
const struct spwd *sp = ent;
+ if ( (NULL == sp)
+ || (valid_field (sp->sp_namp, ":\n") == -1)
+ || (valid_field (sp->sp_pwdp, ":\n") == -1)) {
+ return -1;
+ }
+
return (putspent (sp, file) == -1) ? -1 : 0;
}
Modified: upstream/trunk/libmisc/Makefile.am
===================================================================
--- upstream/trunk/libmisc/Makefile.am 2011-02-16 20:27:25 UTC (rev 3295)
+++ upstream/trunk/libmisc/Makefile.am 2011-02-16 20:32:16 UTC (rev 3296)
@@ -23,7 +23,6 @@
env.c \
failure.c \
failure.h \
- fields.c \
find_new_gid.c \
find_new_uid.c \
getdate.h \
Deleted: upstream/trunk/libmisc/fields.c
===================================================================
--- upstream/trunk/libmisc/fields.c 2011-02-16 20:27:25 UTC (rev 3295)
+++ upstream/trunk/libmisc/fields.c 2011-02-16 20:32:16 UTC (rev 3296)
@@ -1,126 +0,0 @@
-/*
- * Copyright (c) 1990 , Julianne Frances Haugh
- * Copyright (c) 1996 - 1997, Marek Michałkiewicz
- * Copyright (c) 2003 - 2005, Tomasz Kłoczko
- * Copyright (c) 2007 , Nicolas François
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the copyright holders or contributors may not be used to
- * endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
- * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <config.h>
-
-#ident "$Id$"
-
-#include <ctype.h>
-#include <string.h>
-#include <stdio.h>
-#include "prototypes.h"
-
-/*
- * valid_field - insure that a field contains all legal characters
- *
- * The supplied field is scanned for non-printable and other illegal
- * characters.
- * + -1 is returned if an illegal character is present.
- * + 1 is returned if no illegal characters are present, but the field
- * contains a non-printable character.
- * + 0 is returned otherwise.
- */
-int valid_field (const char *field, const char *illegal)
-{
- const char *cp;
- int err = 0;
-
- /* For each character of field, search if it appears in the list
- * of illegal characters. */
- for (cp = field; '\0' != *cp; cp++) {
- if (strchr (illegal, *cp) != NULL) {
- err = -1;
- break;
- }
- }
-
- if (0 == err) {
- /* Search if there are some non-printable characters */
- for (cp = field; '\0' != *cp; cp++) {
- if (!isprint (*cp)) {
- err = 1;
- break;
- }
- }
- }
-
- return err;
-}
-
-/*
- * change_field - change a single field if a new value is given.
- *
- * prompt the user with the name of the field being changed and the
- * current value.
- */
-void change_field (char *buf, size_t maxsize, const char *prompt)
-{
- char newf[200];
- char *cp;
-
- if (maxsize > sizeof (newf)) {
- maxsize = sizeof (newf);
- }
-
- printf ("\t%s [%s]: ", prompt, buf);
- (void) fflush (stdout);
- if (fgets (newf, (int) maxsize, stdin) != newf) {
- return;
- }
-
- cp = strchr (newf, '\n');
- if (NULL == cp) {
- return;
- }
- *cp = '\0';
-
- if ('\0' != newf[0]) {
- /*
- * Remove leading and trailing whitespace. This also
- * makes it possible to change the field to empty, by
- * entering a space. --marekm
- */
-
- while (--cp >= newf && isspace (*cp));
- cp++;
- *cp = '\0';
-
- cp = newf;
- while (('\0' != *cp) && isspace (*cp)) {
- cp++;
- }
-
- strncpy (buf, cp, maxsize - 1);
- buf[maxsize - 1] = '\0';
- }
-}
-
Modified: upstream/trunk/libmisc/user_busy.c
===================================================================
--- upstream/trunk/libmisc/user_busy.c 2011-02-16 20:27:25 UTC (rev 3295)
+++ upstream/trunk/libmisc/user_busy.c 2011-02-16 20:32:16 UTC (rev 3296)
@@ -43,7 +43,7 @@
#ifdef __linux__
static int check_status (const char *sname, uid_t uid);
-static int user_busy_processes (uid_t uid);
+static int user_busy_processes (const char *name, uid_t uid);
#else /* !__linux__ */
static int user_busy_utmp (const char *name);
#endif /* !__linux__ */
@@ -58,7 +58,7 @@
*/
#ifdef __linux__
/* On Linux, directly parse /proc */
- return user_busy_processes (uid);
+ return user_busy_processes (name, uid);
#else /* !__linux__ */
/* If we cannot rely on /proc, check is there is a record in utmp
* indicating that the user is still logged in */
@@ -91,6 +91,9 @@
continue;
}
+ fprintf (stderr,
+ _("%s: user %s is currently logged in\n"),
+ Prog, name);
return 1;
}
@@ -137,7 +140,7 @@
return 0;
}
-static int user_busy_processes (uid_t uid)
+static int user_busy_processes (const char *name, uid_t uid)
{
DIR *proc;
struct dirent *ent;
@@ -195,6 +198,9 @@
if (check_status (tmp_d_name, uid) != 0) {
(void) closedir (proc);
+ fprintf (stderr,
+ _("%s: user %s is currently used by process %d\n"),
+ Prog, name, pid);
return 1;
}
@@ -212,6 +218,9 @@
}
if (check_status (task_path+6, uid) != 0) {
(void) closedir (proc);
+ fprintf (stderr,
+ _("%s: user %s is currently used by process %d\n"),
+ Prog, name, pid);
return 1;
}
}
Modified: upstream/trunk/po/POTFILES.in
===================================================================
--- upstream/trunk/po/POTFILES.in 2011-02-16 20:27:25 UTC (rev 3295)
+++ upstream/trunk/po/POTFILES.in 2011-02-16 20:32:16 UTC (rev 3296)
@@ -2,6 +2,7 @@
lib/commonio.c
lib/encrypt.c
+lib/fields.c
lib/fputsx.c
lib/getdef.c
lib/get_gid.c
@@ -40,7 +41,6 @@
libmisc/entry.c
libmisc/env.c
libmisc/failure.c
-libmisc/fields.c
libmisc/find_new_gid.c
libmisc/find_new_uid.c
libmisc/getgr_nam_gid.c
More information about the Pkg-shadow-commits
mailing list