1 files changed, 283 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch b/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch
new file mode 100644
index 0000000000..aea07bd803
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch
@@ -0,0 +1,283 @@
+From 703418fe9d2e3b1e8d594df5788d8001a8116265 Mon Sep 17 00:00:00 2001
+From: Jeffrey Bencteux <jeffbencteux@gmail.com>
+Date: Fri, 30 Jun 2023 19:02:45 +0200
+Subject: [PATCH] CVE-2023-40303: ftpd,rcp,rlogin,rsh,rshd,uucpd: fix: check
+ set*id() return values
+Several setuid(), setgid(), seteuid() and setguid() return values
+were not checked in ftpd/rcp/rlogin/rsh/rshd/uucpd code potentially
+leading to potential security issues.
+CVE: CVE-2023-40303
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6]
+Signed-off-by: Jeffrey Bencteux <jeffbencteux@gmail.com>
+Signed-off-by: Simon Josefsson <simon@josefsson.org>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ ftpd/ftpd.c  | 10 +++++++---
+ src/rcp.c    | 39 +++++++++++++++++++++++++++++++++------
+ src/rlogin.c | 11 +++++++++--
+ src/rsh.c    | 25 +++++++++++++++++++++----
+ src/rshd.c   | 20 +++++++++++++++++---
+ src/uucpd.c  | 15 +++++++++++++--
+ 6 files changed, 100 insertions(+), 20 deletions(-)
+diff --git a/ftpd/ftpd.c b/ftpd/ftpd.c
+index 5db88d0..b52b122 100644
+--- a/ftpd/ftpd.c
+++ b/ftpd/ftpd.c
+@@ -862,7 +862,9 @@ end_login (struct credentials *pcred)
+   char *remotehost = pcred->remotehost;
+   int atype = pcred->auth_type;
+ 
+-  seteuid ((uid_t) 0);
+  if (seteuid ((uid_t) 0) == -1)
+    _exit (EXIT_FAILURE);
+
+   if (pcred->logged_in)
+     {
+       logwtmp_keep_open (ttyline, "", "");
+@@ -1151,7 +1153,8 @@ getdatasock (const char *mode)
+ 
+   if (data >= 0)
+     return fdopen (data, mode);
+-  seteuid ((uid_t) 0);
+  if (seteuid ((uid_t) 0) == -1)
+    _exit (EXIT_FAILURE);
+   s = socket (ctrl_addr.ss_family, SOCK_STREAM, 0);
+   if (s < 0)
+     goto bad;
+@@ -1978,7 +1981,8 @@ passive (int epsv, int af)
+   else /* !AF_INET6 */
+     ((struct sockaddr_in *) &pasv_addr)->sin_port = 0;
+ 
+-  seteuid ((uid_t) 0);
+  if (seteuid ((uid_t) 0) == -1)
+    _exit (EXIT_FAILURE);
+   if (bind (pdata, (struct sockaddr *) &pasv_addr, pasv_addrlen) < 0)
+     {
+       if (seteuid ((uid_t) cred.uid))
+diff --git a/src/rcp.c b/src/rcp.c
+index bafa35f..366295c 100644
+--- a/src/rcp.c
+++ b/src/rcp.c
+@@ -347,14 +347,23 @@ main (int argc, char *argv[])
+   if (from_option)
+     {                          /* Follow "protocol", send data. */
+       response ();
+-      setuid (userid);
+
+      if (setuid (userid) == -1)
+      {
+        error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+      }
+
+       source (argc, argv);
+       exit (errs);
+     }
+ 
+   if (to_option)
+     {                          /* Receive data. */
+-      setuid (userid);
+      if (setuid (userid) == -1)
+      {
+        error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+      }
+
+       sink (argc, argv);
+       exit (errs);
+     }
+@@ -539,7 +548,11 @@ toremote (char *targ, int argc, char *argv[])
+              if (response () < 0)
+                exit (EXIT_FAILURE);
+              free (bp);
+-             setuid (userid);
+
+             if (setuid (userid) == -1)
+              {
+                error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+              }
+            }
+          source (1, argv + i);
+          close (rem);
+@@ -634,7 +647,12 @@ tolocal (int argc, char *argv[])
+          ++errs;
+          continue;
+        }
+-      seteuid (userid);
+
+      if (seteuid (userid) == -1)
+      {
+        error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
+      }
+
+ #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
+       sslen = sizeof (ss);
+       (void) getpeername (rem, (struct sockaddr *) &ss, &sslen);
+@@ -647,7 +665,12 @@ tolocal (int argc, char *argv[])
+ #endif
+       vect[0] = target;
+       sink (1, vect);
+-      seteuid (effuid);
+
+      if (seteuid (effuid) == -1)
+      {
+        error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
+      }
+
+       close (rem);
+       rem = -1;
+ #ifdef SHISHI
+@@ -1453,7 +1476,11 @@ susystem (char *s, int userid)
+       return (127);
+ 
+     case 0:
+-      setuid (userid);
+      if (setuid (userid) == -1)
+      {
+        error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+      }
+
+       execl (PATH_BSHELL, "sh", "-c", s, NULL);
+       _exit (127);
+     }
+diff --git a/src/rlogin.c b/src/rlogin.c
+index e5e11a7..6b38901 100644
+--- a/src/rlogin.c
+++ b/src/rlogin.c
+@@ -649,8 +649,15 @@ try_connect:
+   /* Now change to the real user ID.  We have to be set-user-ID root
+      to get the privileged port that rcmd () uses.  We now want, however,
+      to run as the real user who invoked us.  */
+-  seteuid (uid);
+-  setuid (uid);
+  if (seteuid (uid) == -1)
+  {
+    error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
+  }
+
+  if (setuid (uid) == -1)
+  {
+    error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+  }
+ 
+   doit (&osmask);      /* The old mask will activate SIGURG and SIGUSR1!  */
+ 
+diff --git a/src/rsh.c b/src/rsh.c
+index bd70372..b451a70 100644
+--- a/src/rsh.c
+++ b/src/rsh.c
+@@ -278,8 +278,17 @@ main (int argc, char **argv)
+     {
+       if (asrsh)
+        *argv = (char *) "rlogin";
+-      seteuid (getuid ());
+-      setuid (getuid ());
+
+      if (seteuid (getuid ()) == -1)
+      {
+        error (EXIT_FAILURE, errno, "seteuid() failed");
+      }
+
+      if (setuid (getuid ()) == -1)
+      {
+        error (EXIT_FAILURE, errno, "setuid() failed");
+      }
+
+       execv (PATH_RLOGIN, argv);
+       error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN);
+     }
+@@ -543,8 +552,16 @@ try_connect:
+        error (0, errno, "setsockopt DEBUG (ignored)");
+     }
+ 
+-  seteuid (uid);
+-  setuid (uid);
+  if (seteuid (uid) == -1)
+  {
+    error (EXIT_FAILURE, errno, "seteuid() failed");
+  }
+
+  if (setuid (uid) == -1)
+  {
+    error (EXIT_FAILURE, errno, "setuid() failed");
+  }
+
+ #ifdef HAVE_SIGACTION
+   sigemptyset (&sigs);
+   sigaddset (&sigs, SIGINT);
+diff --git a/src/rshd.c b/src/rshd.c
+index b824a10..8cdcd06 100644
+--- a/src/rshd.c
+++ b/src/rshd.c
+@@ -1848,8 +1848,18 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
+     pwd->pw_shell = PATH_BSHELL;
+ 
+   /* Set the gid, then uid to become the user specified by "locuser" */
+-  setegid ((gid_t) pwd->pw_gid);
+-  setgid ((gid_t) pwd->pw_gid);
+  if (setegid ((gid_t) pwd->pw_gid) == -1)
+  {
+    rshd_error ("Cannot drop privileges (setegid() failed)\n");
+    exit (EXIT_FAILURE);
+  }
+
+  if (setgid ((gid_t) pwd->pw_gid) == -1)
+  {
+    rshd_error ("Cannot drop privileges (setgid() failed)\n");
+    exit (EXIT_FAILURE);
+  }
+
+ #ifdef HAVE_INITGROUPS
+   initgroups (pwd->pw_name, pwd->pw_gid);      /* BSD groups */
+ #endif
+@@ -1871,7 +1881,11 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
+     }
+ #endif /* WITH_PAM */
+ 
+-  setuid ((uid_t) pwd->pw_uid);
+  if (setuid ((uid_t) pwd->pw_uid) == -1)
+  {
+    rshd_error ("Cannot drop privileges (setuid() failed)\n");
+    exit (EXIT_FAILURE);
+  }
+ 
+   /* We'll execute the client's command in the home directory
+    * of locuser. Note, that the chdir must be executed after
+diff --git a/src/uucpd.c b/src/uucpd.c
+index 55c3d44..6aba294 100644
+--- a/src/uucpd.c
+++ b/src/uucpd.c
+@@ -254,7 +254,12 @@ doit (struct sockaddr *sap, socklen_t salen)
+   sprintf (Username, "USER=%s", user);
+   sprintf (Logname, "LOGNAME=%s", user);
+   dologin (pw, sap, salen);
+-  setgid (pw->pw_gid);
+
+  if (setgid (pw->pw_gid) == -1)
+  {
+    fprintf (stderr, "setgid() failed");
+    return;
+  }
+ #ifdef HAVE_INITGROUPS
+   initgroups (pw->pw_name, pw->pw_gid);
+ #endif
+@@ -263,7 +268,13 @@ doit (struct sockaddr *sap, socklen_t salen)
+       fprintf (stderr, "Login incorrect.");
+       return;
+     }
+-  setuid (pw->pw_uid);
+
+  if (setuid (pw->pw_uid) == -1)
+  {
+    fprintf (stderr, "setuid() failed");
+    return;
+  }
+
+   execl (uucico_location, "uucico", NULL);
+   perror ("uucico server: execl");
+ }
+-- 
+2.25.1

diff --git a/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch b/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch new file mode 100644 index 0000000000..aea07bd803 --- /dev/null +++ b/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch
@@ -0,0 +1,283 @@
	1	From 703418fe9d2e3b1e8d594df5788d8001a8116265 Mon Sep 17 00:00:00 2001
	2	From: Jeffrey Bencteux <jeffbencteux@gmail.com>
	3	Date: Fri, 30 Jun 2023 19:02:45 +0200
	4	Subject: [PATCH] CVE-2023-40303: ftpd,rcp,rlogin,rsh,rshd,uucpd: fix: check
	5	set*id() return values
	6
	7	Several setuid(), setgid(), seteuid() and setguid() return values
	8	were not checked in ftpd/rcp/rlogin/rsh/rshd/uucpd code potentially
	9	leading to potential security issues.
	10
	11	CVE: CVE-2023-40303
	12	Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6]
	13	Signed-off-by: Jeffrey Bencteux <jeffbencteux@gmail.com>
	14	Signed-off-by: Simon Josefsson <simon@josefsson.org>
	15	Signed-off-by: Khem Raj <raj.khem@gmail.com>
	16	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
	17	---
	18	ftpd/ftpd.c \| 10 +++++++---
	19	src/rcp.c \| 39 +++++++++++++++++++++++++++++++++------
	20	src/rlogin.c \| 11 +++++++++--
	21	src/rsh.c \| 25 +++++++++++++++++++++----
	22	src/rshd.c \| 20 +++++++++++++++++---
	23	src/uucpd.c \| 15 +++++++++++++--
	24	6 files changed, 100 insertions(+), 20 deletions(-)
	25
	26	diff --git a/ftpd/ftpd.c b/ftpd/ftpd.c
	27	index 5db88d0..b52b122 100644
	28	--- a/ftpd/ftpd.c
	29	+++ b/ftpd/ftpd.c
	30	@@ -862,7 +862,9 @@ end_login (struct credentials *pcred)
	31	char *remotehost = pcred->remotehost;
	32	int atype = pcred->auth_type;
	33
	34	- seteuid ((uid_t) 0);
	35	+ if (seteuid ((uid_t) 0) == -1)
	36	+ _exit (EXIT_FAILURE);
	37	+
	38	if (pcred->logged_in)
	39	{
	40	logwtmp_keep_open (ttyline, "", "");
	41	@@ -1151,7 +1153,8 @@ getdatasock (const char *mode)
	42
	43	if (data >= 0)
	44	return fdopen (data, mode);
	45	- seteuid ((uid_t) 0);
	46	+ if (seteuid ((uid_t) 0) == -1)
	47	+ _exit (EXIT_FAILURE);
	48	s = socket (ctrl_addr.ss_family, SOCK_STREAM, 0);
	49	if (s < 0)
	50	goto bad;
	51	@@ -1978,7 +1981,8 @@ passive (int epsv, int af)
	52	else /* !AF_INET6 */
	53	((struct sockaddr_in *) &pasv_addr)->sin_port = 0;
	54
	55	- seteuid ((uid_t) 0);
	56	+ if (seteuid ((uid_t) 0) == -1)
	57	+ _exit (EXIT_FAILURE);
	58	if (bind (pdata, (struct sockaddr *) &pasv_addr, pasv_addrlen) < 0)
	59	{
	60	if (seteuid ((uid_t) cred.uid))
	61	diff --git a/src/rcp.c b/src/rcp.c
	62	index bafa35f..366295c 100644
	63	--- a/src/rcp.c
	64	+++ b/src/rcp.c
	65	@@ -347,14 +347,23 @@ main (int argc, char *argv[])
	66	if (from_option)
	67	{ /* Follow "protocol", send data. */
	68	response ();
	69	- setuid (userid);
	70	+
	71	+ if (setuid (userid) == -1)
	72	+ {
	73	+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
	74	+ }
	75	+
	76	source (argc, argv);
	77	exit (errs);
	78	}
	79
	80	if (to_option)
	81	{ /* Receive data. */
	82	- setuid (userid);
	83	+ if (setuid (userid) == -1)
	84	+ {
	85	+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
	86	+ }
	87	+
	88	sink (argc, argv);
	89	exit (errs);
	90	}
	91	@@ -539,7 +548,11 @@ toremote (char targ, int argc, char argv[])
	92	if (response () < 0)
	93	exit (EXIT_FAILURE);
	94	free (bp);
	95	- setuid (userid);
	96	+
	97	+ if (setuid (userid) == -1)
	98	+ {
	99	+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
	100	+ }
	101	}
	102	source (1, argv + i);
	103	close (rem);
	104	@@ -634,7 +647,12 @@ tolocal (int argc, char *argv[])
	105	++errs;
	106	continue;
	107	}
	108	- seteuid (userid);
	109	+
	110	+ if (seteuid (userid) == -1)
	111	+ {
	112	+ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
	113	+ }
	114	+
	115	#if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
	116	sslen = sizeof (ss);
	117	(void) getpeername (rem, (struct sockaddr *) &ss, &sslen);
	118	@@ -647,7 +665,12 @@ tolocal (int argc, char *argv[])
	119	#endif
	120	vect[0] = target;
	121	sink (1, vect);
	122	- seteuid (effuid);
	123	+
	124	+ if (seteuid (effuid) == -1)
	125	+ {
	126	+ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
	127	+ }
	128	+
	129	close (rem);
	130	rem = -1;
	131	#ifdef SHISHI
	132	@@ -1453,7 +1476,11 @@ susystem (char *s, int userid)
	133	return (127);
	134
	135	case 0:
	136	- setuid (userid);
	137	+ if (setuid (userid) == -1)
	138	+ {
	139	+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
	140	+ }
	141	+
	142	execl (PATH_BSHELL, "sh", "-c", s, NULL);
	143	_exit (127);
	144	}
	145	diff --git a/src/rlogin.c b/src/rlogin.c
	146	index e5e11a7..6b38901 100644
	147	--- a/src/rlogin.c
	148	+++ b/src/rlogin.c
	149	@@ -649,8 +649,15 @@ try_connect:
	150	/* Now change to the real user ID. We have to be set-user-ID root
	151	to get the privileged port that rcmd () uses. We now want, however,
	152	to run as the real user who invoked us. */
	153	- seteuid (uid);
	154	- setuid (uid);
	155	+ if (seteuid (uid) == -1)
	156	+ {
	157	+ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
	158	+ }
	159	+
	160	+ if (setuid (uid) == -1)
	161	+ {
	162	+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
	163	+ }
	164
	165	doit (&osmask); /* The old mask will activate SIGURG and SIGUSR1! */
	166
	167	diff --git a/src/rsh.c b/src/rsh.c
	168	index bd70372..b451a70 100644
	169	--- a/src/rsh.c
	170	+++ b/src/rsh.c
	171	@@ -278,8 +278,17 @@ main (int argc, char **argv)
	172	{
	173	if (asrsh)
	174	argv = (char ) "rlogin";
	175	- seteuid (getuid ());
	176	- setuid (getuid ());
	177	+
	178	+ if (seteuid (getuid ()) == -1)
	179	+ {
	180	+ error (EXIT_FAILURE, errno, "seteuid() failed");
	181	+ }
	182	+
	183	+ if (setuid (getuid ()) == -1)
	184	+ {
	185	+ error (EXIT_FAILURE, errno, "setuid() failed");
	186	+ }
	187	+
	188	execv (PATH_RLOGIN, argv);
	189	error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN);
	190	}
	191	@@ -543,8 +552,16 @@ try_connect:
	192	error (0, errno, "setsockopt DEBUG (ignored)");
	193	}
	194
	195	- seteuid (uid);
	196	- setuid (uid);
	197	+ if (seteuid (uid) == -1)
	198	+ {
	199	+ error (EXIT_FAILURE, errno, "seteuid() failed");
	200	+ }
	201	+
	202	+ if (setuid (uid) == -1)
	203	+ {
	204	+ error (EXIT_FAILURE, errno, "setuid() failed");
	205	+ }
	206	+
	207	#ifdef HAVE_SIGACTION
	208	sigemptyset (&sigs);
	209	sigaddset (&sigs, SIGINT);
	210	diff --git a/src/rshd.c b/src/rshd.c
	211	index b824a10..8cdcd06 100644
	212	--- a/src/rshd.c
	213	+++ b/src/rshd.c
	214	@@ -1848,8 +1848,18 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
	215	pwd->pw_shell = PATH_BSHELL;
	216
	217	/* Set the gid, then uid to become the user specified by "locuser" */
	218	- setegid ((gid_t) pwd->pw_gid);
	219	- setgid ((gid_t) pwd->pw_gid);
	220	+ if (setegid ((gid_t) pwd->pw_gid) == -1)
	221	+ {
	222	+ rshd_error ("Cannot drop privileges (setegid() failed)\n");
	223	+ exit (EXIT_FAILURE);
	224	+ }
	225	+
	226	+ if (setgid ((gid_t) pwd->pw_gid) == -1)
	227	+ {
	228	+ rshd_error ("Cannot drop privileges (setgid() failed)\n");
	229	+ exit (EXIT_FAILURE);
	230	+ }
	231	+
	232	#ifdef HAVE_INITGROUPS
	233	initgroups (pwd->pw_name, pwd->pw_gid); /* BSD groups */
	234	#endif
	235	@@ -1871,7 +1881,11 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
	236	}
	237	#endif /* WITH_PAM */
	238
	239	- setuid ((uid_t) pwd->pw_uid);
	240	+ if (setuid ((uid_t) pwd->pw_uid) == -1)
	241	+ {
	242	+ rshd_error ("Cannot drop privileges (setuid() failed)\n");
	243	+ exit (EXIT_FAILURE);
	244	+ }
	245
	246	/* We'll execute the client's command in the home directory
	247	* of locuser. Note, that the chdir must be executed after
	248	diff --git a/src/uucpd.c b/src/uucpd.c
	249	index 55c3d44..6aba294 100644
	250	--- a/src/uucpd.c
	251	+++ b/src/uucpd.c
	252	@@ -254,7 +254,12 @@ doit (struct sockaddr *sap, socklen_t salen)
	253	sprintf (Username, "USER=%s", user);
	254	sprintf (Logname, "LOGNAME=%s", user);
	255	dologin (pw, sap, salen);
	256	- setgid (pw->pw_gid);
	257	+
	258	+ if (setgid (pw->pw_gid) == -1)
	259	+ {
	260	+ fprintf (stderr, "setgid() failed");
	261	+ return;
	262	+ }
	263	#ifdef HAVE_INITGROUPS
	264	initgroups (pw->pw_name, pw->pw_gid);
	265	#endif
	266	@@ -263,7 +268,13 @@ doit (struct sockaddr *sap, socklen_t salen)
	267	fprintf (stderr, "Login incorrect.");
	268	return;
	269	}
	270	- setuid (pw->pw_uid);
	271	+
	272	+ if (setuid (pw->pw_uid) == -1)
	273	+ {
	274	+ fprintf (stderr, "setuid() failed");
	275	+ return;
	276	+ }
	277	+
	278	execl (uucico_location, "uucico", NULL);
	279	perror ("uucico server: execl");
	280	}
	281	--
	282	2.25.1
	283