diff options
| author | nekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7> | 2011-02-16 00:18:45 +0000 |
|---|---|---|
| committer | youngjae cho <y0.cho@samsung.com> | 2024-05-14 07:58:59 +0000 |
| commit | a35300b74e409485caf7df0c6368d81002385c74 (patch) | |
| tree | 9eada8c078347ca02263419fea546189d7b7f807 | |
| parent | cd5d782ea7e9bce1197eb3b3dbea897202d63093 (diff) | |
| download | shadow-utils-accepted/tizen_base_x.tar.gz shadow-utils-accepted/tizen_base_x.tar.bz2 shadow-utils-accepted/tizen_base_x.zip | |
backporting: CVE-2011-0721accepted/tizen/base/x/asan/20240624.231533accepted/tizen/base/x/20240526.035716accepted/tizen/base/toolchain/20240603.231428accepted/tizen/base/20240530.091903tizen_baseaccepted/tizen_base_x_asanaccepted/tizen_base_xaccepted/tizen_base_toolchainaccepted/tizen_base
shadow-4.1.4.2 -> shadow-4.1.4.3
*** security:
- CVE-2011-0721: An insufficient input sanitation in chfn can be exploited
to create users or groups in a NIS environment.
Origin: upstream, https://github.com/shadow-maint/shadow/commit/0419fc4
Change-Id: I075d55f270ceecfe327640bbac2474a52019ecb8
Signed-off-by: Youngjae Cho <y0.cho@samsung.com>
(cherry picked from commit 4c500dfcd7f8bb962a9dc9a3d79fa2b29ec80ad8)
| -rw-r--r-- | src/chfn.c | 10 | ||||
| -rw-r--r-- | src/chsh.c | 2 |
2 files changed, 6 insertions, 6 deletions
@@ -551,14 +551,14 @@ static void get_old_fields (const char *gecos) static void check_fields (void) { int err; - err = valid_field (fullnm, ":,="); + err = valid_field (fullnm, ":,=\n"); if (err > 0) { fprintf (stderr, _("%s: name with non-ASCII characters: '%s'\n"), Prog, fullnm); } else if (err < 0) { fprintf (stderr, _("%s: invalid name: '%s'\n"), Prog, fullnm); fail_exit (E_NOPERM); } - err = valid_field (roomno, ":,="); + err = valid_field (roomno, ":,=\n"); if (err > 0) { fprintf (stderr, _("%s: room number with non-ASCII characters: '%s'\n"), Prog, roomno); } else if (err < 0) { @@ -566,17 +566,17 @@ static void check_fields (void) Prog, roomno); fail_exit (E_NOPERM); } - if (valid_field (workph, ":,=") != 0) { + if (valid_field (workph, ":,=\n") != 0) { fprintf (stderr, _("%s: invalid work phone: '%s'\n"), Prog, workph); fail_exit (E_NOPERM); } - if (valid_field (homeph, ":,=") != 0) { + if (valid_field (homeph, ":,=\n") != 0) { fprintf (stderr, _("%s: invalid home phone: '%s'\n"), Prog, homeph); fail_exit (E_NOPERM); } - err = valid_field (slop, ":"); + err = valid_field (slop, ":\n"); if (err > 0) { fprintf (stderr, _("%s: '%s' contains non-ASCII characters\n"), Prog, slop); } else if (err < 0) { @@ -528,7 +528,7 @@ int main (int argc, char **argv) * users are restricted to using the shells in /etc/shells. * The shell must be executable by the user. */ - if (valid_field (loginsh, ":,=") != 0) { + if (valid_field (loginsh, ":,=\n") != 0) { fprintf (stderr, _("%s: Invalid entry: %s\n"), Prog, loginsh); fail_exit (1); } |