diff options
author | Vijay Anusuri <vanusuri@mvista.com> | 2023-11-23 09:07:05 +0530 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-12-01 04:14:18 -1000 |
commit | 7c678246f658d306f759a17533fbb012492412ae (patch) | |
tree | f96669bb2bb1e213abea592fb6c36dd60852bc55 /meta/recipes-extended/shadow | |
parent | d3f1ae99a7e3f758421f5e761910f9281a3fec8e (diff) | |
download | poky-7c678246f658d306f759a17533fbb012492412ae.tar.gz |
shadow: backport patch to fix CVE-2023-29383
The fix of CVE-2023-29383.patch contains a bug that it rejects all
characters that are not control ones, so backup another patch named
"0001-Overhaul-valid_field.patch" from upstream to fix it.
(From OE-Core rev: ab48ab23de6f6bb1f05689c97724140d4bef8faa)
Upstream-Status: Backport
[https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d
&
https://github.com/shadow-maint/shadow/commit/2eaea70111f65b16d55998386e4ceb4273c19eb4]
(From OE-Core rev: a53d446c289f07854e286479cd7e4843ddd0ee8c)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-extended/shadow')
-rw-r--r-- | meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch | 66 | ||||
-rw-r--r-- | meta/recipes-extended/shadow/files/CVE-2023-29383.patch | 54 | ||||
-rw-r--r-- | meta/recipes-extended/shadow/shadow.inc | 2 |
3 files changed, 122 insertions, 0 deletions
diff --git a/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch b/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch new file mode 100644 index 0000000000..aea07ff361 --- /dev/null +++ b/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch | |||
@@ -0,0 +1,66 @@ | |||
1 | From 2eaea70111f65b16d55998386e4ceb4273c19eb4 Mon Sep 17 00:00:00 2001 | ||
2 | From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com> | ||
3 | Date: Fri, 31 Mar 2023 14:46:50 +0200 | ||
4 | Subject: [PATCH] Overhaul valid_field() | ||
5 | |||
6 | e5905c4b ("Added control character check") introduced checking for | ||
7 | control characters but had the logic inverted, so it rejects all | ||
8 | characters that are not control ones. | ||
9 | |||
10 | Cast the character to `unsigned char` before passing to the character | ||
11 | checking functions to avoid UB. | ||
12 | |||
13 | Use strpbrk(3) for the illegal character test and return early. | ||
14 | |||
15 | Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/2eaea70111f65b16d55998386e4ceb4273c19eb4] | ||
16 | |||
17 | Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> | ||
18 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
19 | --- | ||
20 | lib/fields.c | 24 ++++++++++-------------- | ||
21 | 1 file changed, 10 insertions(+), 14 deletions(-) | ||
22 | |||
23 | diff --git a/lib/fields.c b/lib/fields.c | ||
24 | index fb51b582..53929248 100644 | ||
25 | --- a/lib/fields.c | ||
26 | +++ b/lib/fields.c | ||
27 | @@ -37,26 +37,22 @@ int valid_field (const char *field, const char *illegal) | ||
28 | |||
29 | /* For each character of field, search if it appears in the list | ||
30 | * of illegal characters. */ | ||
31 | + if (illegal && NULL != strpbrk (field, illegal)) { | ||
32 | + return -1; | ||
33 | + } | ||
34 | + | ||
35 | + /* Search if there are non-printable or control characters */ | ||
36 | for (cp = field; '\0' != *cp; cp++) { | ||
37 | - if (strchr (illegal, *cp) != NULL) { | ||
38 | + unsigned char c = *cp; | ||
39 | + if (!isprint (c)) { | ||
40 | + err = 1; | ||
41 | + } | ||
42 | + if (iscntrl (c)) { | ||
43 | err = -1; | ||
44 | break; | ||
45 | } | ||
46 | } | ||
47 | |||
48 | - if (0 == err) { | ||
49 | - /* Search if there are non-printable or control characters */ | ||
50 | - for (cp = field; '\0' != *cp; cp++) { | ||
51 | - if (!isprint (*cp)) { | ||
52 | - err = 1; | ||
53 | - } | ||
54 | - if (!iscntrl (*cp)) { | ||
55 | - err = -1; | ||
56 | - break; | ||
57 | - } | ||
58 | - } | ||
59 | - } | ||
60 | - | ||
61 | return err; | ||
62 | } | ||
63 | |||
64 | -- | ||
65 | 2.34.1 | ||
66 | |||
diff --git a/meta/recipes-extended/shadow/files/CVE-2023-29383.patch b/meta/recipes-extended/shadow/files/CVE-2023-29383.patch new file mode 100644 index 0000000000..dbf4a508e9 --- /dev/null +++ b/meta/recipes-extended/shadow/files/CVE-2023-29383.patch | |||
@@ -0,0 +1,54 @@ | |||
1 | From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 2001 | ||
2 | From: tomspiderlabs <128755403+tomspiderlabs@users.noreply.github.com> | ||
3 | Date: Thu, 23 Mar 2023 23:39:38 +0000 | ||
4 | Subject: [PATCH] Added control character check | ||
5 | |||
6 | Added control character check, returning -1 (to "err") if control characters are present. | ||
7 | |||
8 | CVE: CVE-2023-29383 | ||
9 | Upstream-Status: Backport | ||
10 | |||
11 | Reference to upstream: | ||
12 | https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d | ||
13 | |||
14 | Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> | ||
15 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
16 | --- | ||
17 | lib/fields.c | 11 +++++++---- | ||
18 | 1 file changed, 7 insertions(+), 4 deletions(-) | ||
19 | |||
20 | diff --git a/lib/fields.c b/lib/fields.c | ||
21 | index 640be931..fb51b582 100644 | ||
22 | --- a/lib/fields.c | ||
23 | +++ b/lib/fields.c | ||
24 | @@ -21,9 +21,9 @@ | ||
25 | * | ||
26 | * The supplied field is scanned for non-printable and other illegal | ||
27 | * characters. | ||
28 | - * + -1 is returned if an illegal character is present. | ||
29 | - * + 1 is returned if no illegal characters are present, but the field | ||
30 | - * contains a non-printable character. | ||
31 | + * + -1 is returned if an illegal or control character is present. | ||
32 | + * + 1 is returned if no illegal or control characters are present, | ||
33 | + * but the field contains a non-printable character. | ||
34 | * + 0 is returned otherwise. | ||
35 | */ | ||
36 | int valid_field (const char *field, const char *illegal) | ||
37 | @@ -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal) | ||
38 | } | ||
39 | |||
40 | if (0 == err) { | ||
41 | - /* Search if there are some non-printable characters */ | ||
42 | + /* Search if there are non-printable or control characters */ | ||
43 | for (cp = field; '\0' != *cp; cp++) { | ||
44 | if (!isprint (*cp)) { | ||
45 | err = 1; | ||
46 | + } | ||
47 | + if (!iscntrl (*cp)) { | ||
48 | + err = -1; | ||
49 | break; | ||
50 | } | ||
51 | } | ||
52 | -- | ||
53 | 2.34.1 | ||
54 | |||
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index bfe50c18f6..2ecab5073d 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc | |||
@@ -14,6 +14,8 @@ SRC_URI = "https://github.com/shadow-maint/shadow/releases/download/${PV}/${BP}. | |||
14 | file://shadow-4.1.3-dots-in-usernames.patch \ | 14 | file://shadow-4.1.3-dots-in-usernames.patch \ |
15 | ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ | 15 | ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ |
16 | file://shadow-relaxed-usernames.patch \ | 16 | file://shadow-relaxed-usernames.patch \ |
17 | file://CVE-2023-29383.patch \ | ||
18 | file://0001-Overhaul-valid_field.patch \ | ||
17 | " | 19 | " |
18 | 20 | ||
19 | SRC_URI_append_class-target = " \ | 21 | SRC_URI_append_class-target = " \ |