Diffstat (limited to 'meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch')
-rw-r--r-- | meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch | 161 |
1 files changed, 161 insertions, 0 deletions
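--- /dev/null
+++ b/meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch
@@ -0,0 +1,161 @@
+From faa5a3a83ad0cb5e2c303edbfd8cd823c9d94c17 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Thu, 10 Feb 2022 12:03:17 +0100
+Subject: [PATCH] chsh, chfn: remove readline support [CVE-2022-0563]
+
+The readline library uses INPUTRC= environment variable to get a path
+to the library config file. When the library cannot parse the
+specified file, it prints an error message containing data from the
+file.
+
+Unfortunately, the library does not use secure_getenv() (or a similar
+concept) to avoid vulnerabilities that could occur if set-user-ID or
+set-group-ID programs.
+
+Reported-by: Rory Mackie <rory.mackie@trailofbits.com>
+Signed-off-by: Karel Zak <kzak@redhat.com>
+
+Upstream-status: Backport
+https://github.com/util-linux/util-linux/commit/faa5a3a83ad0cb5e2c303edbfd8cd823c9d94c17
+
+CVE: CVE-2022-0563
+
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+
+---
+login-utils/Makemodule.am | 2 +-
+login-utils/chfn.c | 16 +++------------
+login-utils/chsh.c | 42 ++------------------------------------
+3 files changed, 6 insertions(+), 54 deletions(-)
+
+diff --git a/login-utils/Makemodule.am b/login-utils/Makemodule.am
+index fac5bfc..73636af 100644
+--- a/login-utils/Makemodule.am
++++ b/login-utils/Makemodule.am
+@@ -82,7 +82,7 @@ chfn_chsh_sources = \
+login-utils/ch-common.c
+chfn_chsh_cflags = $(SUID_CFLAGS) $(AM_CFLAGS)
+chfn_chsh_ldflags = $(SUID_LDFLAGS) $(AM_LDFLAGS)
+-chfn_chsh_ldadd = libcommon.la $(READLINE_LIBS)
++chfn_chsh_ldadd = libcommon.la
+
+if CHFN_CHSH_PASSWORD
+chfn_chsh_ldadd += -lpam
+diff --git a/login-utils/chfn.c b/login-utils/chfn.c
+index b739555..2f8e44a 100644
+--- a/login-utils/chfn.c
++++ b/login-utils/chfn.c
+@@ -56,11 +56,6 @@
+# include "auth.h"
+#endif
+
+-#ifdef HAVE_LIBREADLINE
+-# define _FUNCTION_DEF
+-# include <readline/readline.h>
+-#endif
+-
+struct finfo {
+char *full_name;
+char *office;
+@@ -229,22 +224,17 @@ static char *ask_new_field(struct chfn_control *ctl, const char *question,
+{
+int len;
+char *buf;
+-#ifndef HAVE_LIBREADLINE
+- size_t dummy = 0;
+-#endif
+
+if (!def_val)
+def_val = "";
++
+while (true) {
+printf("%s [%s]: ", question, def_val);
+__fpurge(stdin);
+-#ifdef HAVE_LIBREADLINE
+- rl_bind_key('\t', rl_insert);
+- if ((buf = readline(NULL)) == NULL)
+-#else
++
+if (getline(&buf, &dummy, stdin) < 0)
+-#endif
+errx(EXIT_FAILURE, _("Aborted."));
++
+/* remove white spaces from string end */
+ltrim_whitespace((unsigned char *) buf);
+len = rtrim_whitespace((unsigned char *) buf);
+diff --git a/login-utils/chsh.c b/login-utils/chsh.c
+index a9ebec8..ee6ff87 100644
+--- a/login-utils/chsh.c
++++ b/login-utils/chsh.c
+@@ -58,11 +58,6 @@
+# include "auth.h"
+#endif
+
+-#ifdef HAVE_LIBREADLINE
+-# define _FUNCTION_DEF
+-# include <readline/readline.h>
+-#endif
+-
+struct sinfo {
+char *username;
+char *shell;
+@@ -121,33 +116,6 @@ static void print_shells(void)
+endusershell();
+}
+
+-#ifdef HAVE_LIBREADLINE
+-static char *shell_name_generator(const char *text, int state)
+-{
+- static size_t len;
+- char *s;
+-
+- if (!state) {
+- setusershell();
+- len = strlen(text);
+- }
+-
+- while ((s = getusershell())) {
+- if (strncmp(s, text, len) == 0)
+- return xstrdup(s);
+- }
+- return NULL;
+-}
+-
+-static char **shell_name_completion(const char *text,
+- int start __attribute__((__unused__)),
+- int end __attribute__((__unused__)))
+-{
+- rl_attempted_completion_over = 1;
+- return rl_completion_matches(text, shell_name_generator);
+-}
+-#endif
+-
+/*
+* parse_argv () --
+* parse the command line arguments, and fill in "pinfo" with any
+@@ -198,20 +166,14 @@ static char *ask_new_shell(char *question, char *oldshell)
+{
+int len;
+char *ans = NULL;
+-#ifdef HAVE_LIBREADLINE
+- rl_attempted_completion_function = shell_name_completion;
+-#else
+size_t dummy = 0;
+-#endif
++
+if (!oldshell)
+oldshell = "";
+printf("%s [%s]\n", question, oldshell);
+-#ifdef HAVE_LIBREADLINE
+- if ((ans = readline("> ")) == NULL)
+-#else
+if (getline(&ans, &dummy, stdin) < 0)
+-#endif
+return NULL;
++
+/* remove the newline at the end of ans. */
+ltrim_whitespace((unsigned char *) ans);
+len = rtrim_whitespace((unsigned char *) ans);
+--
+2.25.1
+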
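Review bot: In the chfn.c hunk for ask_new_field, the backport removes `size_t dummy = 0;` together with its `#ifndef HAVE_LIBREADLINE` guard, yet the surviving `if (getline(&buf, &dummy, stdin) < 0)` still passes `&dummy`, so the function no longer declares the variable it uses and the set-UID chfn binary should fail to compile with this patch applied; the declaration must stay unconditionally, exactly as the chsh.c hunk keeps its `size_t dummy = 0;`. While there, `char *buf;` is handed to getline() uninitialized, and getline() expects `*lineptr` to be NULL or a malloc'd pointer when it may reallocate, so chfn.c should match chsh.c's `char *ans = NULL;`. Proposed replacement for the removed block: `char *buf = NULL;` and `size_t dummy = 0;`. The rest of ask_new_field continues past the hunk, and since this is marked Upstream-status: Backport, check whether upstream carried a follow-up fix for this before diverging from the upstream commit. Dropping libreadline entirely rather than sanitizing INPUTRC is the right call for a set-UID binary, as the commit message notes the library reads the variable without secure_getenv().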