[Pkg-shadow-commits] r3294 - in upstream/trunk: . src

[Nicolas FRANÇOIS]

Author: nekral-guest
Date: 2011-02-16 00:18:45 +0000 (Wed, 16 Feb 2011)
New Revision: 3294

Modified:
   upstream/trunk/ChangeLog
   upstream/trunk/NEWS
   upstream/trunk/src/chfn.c
   upstream/trunk/src/chsh.c
Log:
	* NEWS, src/chfn.c, src/chsh.c: Fix CVE-2011-0721: forbid \n in
	gecos or shell.


Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog	2011-02-15 23:54:07 UTC (rev 3293)
+++ upstream/trunk/ChangeLog	2011-02-16 00:18:45 UTC (rev 3294)
@@ -1,3 +1,8 @@
+2010-02-13  Nicolas François  <nicolas.francois at centraliens.net>
+
+	* NEWS, src/chfn.c, src/chsh.c: Fix CVE-2011-0721: forbid \n in
+	gecos or shell.
+
 2011-02-12  Nicolas François  <nicolas.francois at centraliens.net>
 
 	* autogen.sh: Restore original autoreconf (see 2010-08-29's change

Modified: upstream/trunk/NEWS
===================================================================
--- upstream/trunk/NEWS	2011-02-15 23:54:07 UTC (rev 3293)
+++ upstream/trunk/NEWS	2011-02-16 00:18:45 UTC (rev 3294)
@@ -1,6 +1,6 @@
 $Id$
 
-shadow-4.1.4.2 -> shadow-4.1.5					UNRELEASED
+shadow-4.1.4.3 -> shadow-4.1.5					UNRELEASED
 
 - general
   * report usage error to stderr, but report usage help to stdout (and return
@@ -48,6 +48,12 @@
   * Updated Vietnamese translation.
   * Updated Kazakh translation.
 
+shadow-4.1.4.2 -> shadow-4.1.4.3						2011-02-15
+
+*** security:
+- CVE-2011-0721: An insufficient input sanitation in chfn can be exploited
+  to create users or groups in a NIS environment.
+
 shadow-4.1.4.1 -> shadow-4.1.4.2					2009-07-24
 
 - general

Modified: upstream/trunk/src/chfn.c
===================================================================
--- upstream/trunk/src/chfn.c	2011-02-15 23:54:07 UTC (rev 3293)
+++ upstream/trunk/src/chfn.c	2011-02-16 00:18:45 UTC (rev 3294)
@@ -551,14 +551,14 @@
 static void check_fields (void)
 {
 	int err;
-	err = valid_field (fullnm, ":,=");
+	err = valid_field (fullnm, ":,=\n");
 	if (err > 0) {
 		fprintf (stderr, _("%s: name with non-ASCII characters: '%s'\n"), Prog, fullnm);
 	} else if (err < 0) {
 		fprintf (stderr, _("%s: invalid name: '%s'\n"), Prog, fullnm);
 		fail_exit (E_NOPERM);
 	}
-	err = valid_field (roomno, ":,=");
+	err = valid_field (roomno, ":,=\n");
 	if (err > 0) {
 		fprintf (stderr, _("%s: room number with non-ASCII characters: '%s'\n"), Prog, roomno);
 	} else if (err < 0) {
@@ -566,17 +566,17 @@
 		         Prog, roomno);
 		fail_exit (E_NOPERM);
 	}
-	if (valid_field (workph, ":,=") != 0) {
+	if (valid_field (workph, ":,=\n") != 0) {
 		fprintf (stderr, _("%s: invalid work phone: '%s'\n"),
 		         Prog, workph);
 		fail_exit (E_NOPERM);
 	}
-	if (valid_field (homeph, ":,=") != 0) {
+	if (valid_field (homeph, ":,=\n") != 0) {
 		fprintf (stderr, _("%s: invalid home phone: '%s'\n"),
 		         Prog, homeph);
 		fail_exit (E_NOPERM);
 	}
-	err = valid_field (slop, ":");
+	err = valid_field (slop, ":\n");
 	if (err > 0) {
 		fprintf (stderr, _("%s: '%s' contains non-ASCII characters\n"), Prog, slop);
 	} else if (err < 0) {

Modified: upstream/trunk/src/chsh.c
===================================================================
--- upstream/trunk/src/chsh.c	2011-02-15 23:54:07 UTC (rev 3293)
+++ upstream/trunk/src/chsh.c	2011-02-16 00:18:45 UTC (rev 3294)
@@ -528,7 +528,7 @@
 	 * users are restricted to using the shells in /etc/shells.
 	 * The shell must be executable by the user.
 	 */
-	if (valid_field (loginsh, ":,=") != 0) {
+	if (valid_field (loginsh, ":,=\n") != 0) {
 		fprintf (stderr, _("%s: Invalid entry: %s\n"), Prog, loginsh);
 		fail_exit (1);
 	}