From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 2001
From: tomspiderlabs <128755403+tomspiderlabs@users.noreply.github.com>
Date: Thu, 23 Mar 2023 23:39:38 +0000
Subject: [PATCH] Added control character check

Added control character check, returning -1 (to "err") if control characters are present.
CVE: CVE-2023-29383
Upstream-Status: Backport
Reference to upstream: https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d
Signed-off-by: Xiangyu Chen
Signed-off-by: Vijay Anusuri
---
 lib/fields.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/lib/fields.c b/lib/fields.c
index 640be931..fb51b582 100644
--- a/lib/fields.c
+++ b/lib/fields.c
@@ -21,9 +21,9 @@
  *
  * The supplied field is scanned for non-printable and other illegal
  * characters.
- * + -1 is returned if an illegal character is present.
- * + 1 is returned if no illegal characters are present, but the field
- * contains a non-printable character.
+ * + -1 is returned if an illegal or control character is present.
+ * + 1 is returned if no illegal or control characters are present,
+ * but the field contains a non-printable character.
  * + 0 is returned otherwise.
  */
 int valid_field (const char *field, const char *illegal)
@@ -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal)
  }
 
  if (0 == err) {
- /* Search if there are some non-printable characters */
+ /* Search if there are non-printable or control characters */
  for (cp = field; '\0' != *cp; cp++) {
  if (!isprint (*cp)) {
  err = 1;
+ }
+ if (!iscntrl (*cp)) {
+ err = -1;
  break;
  }
  }
-- 
2.34.1
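Review bot: The added test `if (!iscntrl (*cp)) {` in the second hunk is inverted. As written, the loop sets `err = -1` and breaks on the first character that is not a control character, so a field starting with an ordinary printable character is rejected. A field made up only of control characters falls through with `err = 1`, which is the opposite of what the commit message and the updated header comment describe. The condition should be `if (iscntrl ((unsigned char) *cp)) {`, keeping `err = -1;` and `break;` inside it. The cast matters because passing a negative plain `char` to a `<ctype.h>` function is undefined behaviour, and the same applies to the existing `isprint (*cp)` call. The body of valid_field starts and ends outside this hunk, so the final return path should be checked against the full function.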