Address CVE-2023-29383 in shadow-utils (#6239)
The shadow maintainers' first attempt at fixing the CVE was incorrect. The correct fix applies on top of that bad patch, so the bad patch must be applied first, followed by the correct one. For Mariner, both patches are part of the same patch file.
Родитель
c1dc869a11
Коммит
79e99aa83a
|
@ -0,0 +1,107 @@
|
|||
From 8c7d6c407fd544db2cefa93b9fc95beadc00e132 Mon Sep 17 00:00:00 2001
|
||||
From: tomspiderlabs <128755403+tomspiderlabs@users.noreply.github.com>
|
||||
Date: Thu, 23 Mar 2023 23:39:38 +0000
|
||||
Subject: [PATCH 1/2] Added control character check
|
||||
|
||||
Added control character check, returning -1 (to "err") if control characters are present.
|
||||
---
|
||||
lib/fields.c | 11 +++++++----
|
||||
1 file changed, 7 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/lib/fields.c b/lib/fields.c
|
||||
index 649fae17..b8f13ba7 100644
|
||||
--- a/lib/fields.c
|
||||
+++ b/lib/fields.c
|
||||
@@ -44,9 +44,9 @@
|
||||
*
|
||||
* The supplied field is scanned for non-printable and other illegal
|
||||
* characters.
|
||||
- * + -1 is returned if an illegal character is present.
|
||||
- * + 1 is returned if no illegal characters are present, but the field
|
||||
- * contains a non-printable character.
|
||||
+ * + -1 is returned if an illegal or control character is present.
|
||||
+ * + 1 is returned if no illegal or control characters are present,
|
||||
+ * but the field contains a non-printable character.
|
||||
* + 0 is returned otherwise.
|
||||
*/
|
||||
int valid_field (const char *field, const char *illegal)
|
||||
@@ -68,10 +68,13 @@ int valid_field (const char *field, const char *illegal)
|
||||
}
|
||||
|
||||
if (0 == err) {
|
||||
- /* Search if there are some non-printable characters */
|
||||
+ /* Search if there are non-printable or control characters */
|
||||
for (cp = field; '\0' != *cp; cp++) {
|
||||
if (!isprint (*cp)) {
|
||||
err = 1;
|
||||
+ }
|
||||
+ if (!iscntrl (*cp)) {
|
||||
+ err = -1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
--
|
||||
2.25.1
|
||||
|
||||
|
||||
From 332037afa44a6ed81b91394d89972d2da3b1577d Mon Sep 17 00:00:00 2001
|
||||
From: Christian Göttsche <cgzones@googlemail.com>
|
||||
Date: Fri, 31 Mar 2023 14:46:50 +0200
|
||||
Subject: [PATCH 2/2] Overhaul valid_field()
|
||||
|
||||
e5905c4b ("Added control character check") introduced checking for
|
||||
control characters but had the logic inverted, so it rejects all
|
||||
characters that are not control ones.
|
||||
|
||||
Cast the character to `unsigned char` before passing to the character
|
||||
checking functions to avoid UB.
|
||||
|
||||
Use strpbrk(3) for the illegal character test and return early.
|
||||
---
|
||||
lib/fields.c | 24 ++++++++++--------------
|
||||
1 file changed, 10 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/lib/fields.c b/lib/fields.c
|
||||
index b8f13ba7..191257e8 100644
|
||||
--- a/lib/fields.c
|
||||
+++ b/lib/fields.c
|
||||
@@ -60,26 +60,22 @@ int valid_field (const char *field, const char *illegal)
|
||||
|
||||
/* For each character of field, search if it appears in the list
|
||||
* of illegal characters. */
|
||||
+ if (illegal && NULL != strpbrk (field, illegal)) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ /* Search if there are non-printable or control characters */
|
||||
for (cp = field; '\0' != *cp; cp++) {
|
||||
- if (strchr (illegal, *cp) != NULL) {
|
||||
+ unsigned char c = *cp;
|
||||
+ if (!isprint (c)) {
|
||||
+ err = 1;
|
||||
+ }
|
||||
+ if (iscntrl (c)) {
|
||||
err = -1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
- if (0 == err) {
|
||||
- /* Search if there are non-printable or control characters */
|
||||
- for (cp = field; '\0' != *cp; cp++) {
|
||||
- if (!isprint (*cp)) {
|
||||
- err = 1;
|
||||
- }
|
||||
- if (!iscntrl (*cp)) {
|
||||
- err = -1;
|
||||
- break;
|
||||
- }
|
||||
- }
|
||||
- }
|
||||
-
|
||||
return err;
|
||||
}
|
||||
|
||||
--
|
||||
2.25.1
|
||||
|
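Review bot: In the final `valid_field()` loop added by patch 2/2, only bytes that `iscntrl()` classifies as control return -1; every other non-printable byte (which, depending on the process locale, can include bytes above 0x7f) yields only 1, and whether 1 counts as a rejection is decided by callers that are not shown on this page. Both `isprint()` and `iscntrl()` are locale-dependent, so I would state that contract at the loop, e.g. `/* isprint()/iscntrl() follow the process locale: a byte not classified as control only yields 1, so callers must decide whether 1 is acceptable */`. The retained comment above the new `strpbrk()` call still reads "For each character of field", which no longer describes the code; `/* Reject the field if it contains any character from the illegal list */` would match it. The function's signature and opening lines sit outside the hunk, and nothing visible in the spec exercises the fix, so a `%check` step that feeds a field with an embedded control character would guard against the inverted test from patch 1/2 resurfacing if the two patches are ever separated.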
|
@ -1,7 +1,7 @@
|
|||
Summary: Programs for handling passwords in a secure way
|
||||
Name: shadow-utils
|
||||
Version: 4.9
|
||||
Release: 12%{?dist}
|
||||
Release: 13%{?dist}
|
||||
License: BSD
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
|
@ -22,6 +22,7 @@ Source12: useradd-default
|
|||
Source13: login-defs
|
||||
Patch0: chkname-allowcase.patch
|
||||
Patch1: libsubid-pam-link.patch
|
||||
Patch2: CVE-2023-29383.patch
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: audit-devel
|
||||
BuildRequires: automake
|
||||
|
@ -70,6 +71,7 @@ Libraries and headers for libsubid
|
|||
%setup -q -n shadow-%{version}
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
|
||||
autoreconf -fiv
|
||||
|
||||
|
@ -176,6 +178,9 @@ chmod 000 %{_sysconfdir}/shadow
|
|||
%{_libdir}/libsubid.so
|
||||
|
||||
%changelog
|
||||
* Wed Sep 20 2023 Kanika Nema <kanikanema@microsoft.com> - 4.9-13
|
||||
- Address CVE-2023-29383
|
||||
|
||||
* Wed May 24 2023 Tobias Brick <tobiasb@microsoft.com> - 4.9-12
|
||||
- Add SETUID bit to passwd binary
|
||||
|
||||
|
|