inetutils: Backport fix for CVE-2023-40303

Upstream-commit: https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6 & https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=9122999252c7e21eb7774de11d539748e7bdf46d (From OE-Core rev: 2d2fc8e2b0eaa20f6bf8cfc0d1acd908f3dac2ec) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Vijay Anusuri <vanusuri@mvista.com> 2023-08-29 08:26:23 +0530
committer: Steve Sakoman <steve@sakoman.com> 2023-09-08 16:09:41 -1000
commit: a56109b944049152635f86d5bcde58a7996718a0 (patch)
tree: 20c0ac945ca0546b3413187e1d11de38128c8088
parent: b19575391d7f5909001a310450db22fc54500e47 (diff)
download: poky-a56109b944049152635f86d5bcde58a7996718a0.tar.gz
3 files changed, 536 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch b/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch
new file mode 100644
index 0000000000..7f5baf3637
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch
@@ -0,0 +1,280 @@
+From 703418fe9d2e3b1e8d594df5788d8001a8116265 Mon Sep 17 00:00:00 2001
+From: Jeffrey Bencteux <jeffbencteux@gmail.com>
+Date: Fri, 30 Jun 2023 19:02:45 +0200
+Subject: [PATCH] CVE-2023-40303: ftpd,rcp,rlogin,rsh,rshd,uucpd: fix: check
+ set*id() return values
+Several setuid(), setgid(), seteuid() and setguid() return values
+were not checked in ftpd/rcp/rlogin/rsh/rshd/uucpd code potentially
+leading to potential security issues.
+CVE: CVE-2023-40303
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6]
+Signed-off-by: Jeffrey Bencteux <jeffbencteux@gmail.com>
+Signed-off-by: Simon Josefsson <simon@josefsson.org>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ ftpd/ftpd.c  | 10 +++++++---
+ src/rcp.c    | 39 +++++++++++++++++++++++++++++++++------
+ src/rlogin.c | 11 +++++++++--
+ src/rsh.c    | 25 +++++++++++++++++++++----
+ src/rshd.c   | 20 +++++++++++++++++---
+ src/uucpd.c  | 15 +++++++++++++--
+ 6 files changed, 100 insertions(+), 20 deletions(-)
+diff --git a/ftpd/ftpd.c b/ftpd/ftpd.c
+index 92b2cca5..28dd523f 100644
+--- a/ftpd/ftpd.c
+++ b/ftpd/ftpd.c
+@@ -862,7 +862,9 @@ end_login (struct credentials *pcred)
+   char *remotehost = pcred->remotehost;
+   int atype = pcred->auth_type;
+ 
+-  seteuid ((uid_t) 0);
+  if (seteuid ((uid_t) 0) == -1)
+    _exit (EXIT_FAILURE);
+
+   if (pcred->logged_in)
+     {
+       logwtmp_keep_open (ttyline, "", "");
+@@ -1151,7 +1153,8 @@ getdatasock (const char *mode)
+ 
+   if (data >= 0)
+     return fdopen (data, mode);
+-  seteuid ((uid_t) 0);
+  if (seteuid ((uid_t) 0) == -1)
+    _exit (EXIT_FAILURE);
+   s = socket (ctrl_addr.ss_family, SOCK_STREAM, 0);
+   if (s < 0)
+     goto bad;
+@@ -1978,7 +1981,8 @@ passive (int epsv, int af)
+   else /* !AF_INET6 */
+     ((struct sockaddr_in *) &pasv_addr)->sin_port = 0;
+ 
+-  seteuid ((uid_t) 0);
+  if (seteuid ((uid_t) 0) == -1)
+    _exit (EXIT_FAILURE);
+   if (bind (pdata, (struct sockaddr *) &pasv_addr, pasv_addrlen) < 0)
+     {
+       if (seteuid ((uid_t) cred.uid))
+diff --git a/src/rcp.c b/src/rcp.c
+index 75adb253..cdcf8500 100644
+--- a/src/rcp.c
+++ b/src/rcp.c
+@@ -345,14 +345,23 @@ main (int argc, char *argv[])
+   if (from_option)
+     {                          /* Follow "protocol", send data. */
+       response ();
+-      setuid (userid);
+
+      if (setuid (userid) == -1)
+      {
+        error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+      }
+
+       source (argc, argv);
+       exit (errs);
+     }
+ 
+   if (to_option)
+     {                          /* Receive data. */
+-      setuid (userid);
+      if (setuid (userid) == -1)
+      {
+        error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+      }
+
+       sink (argc, argv);
+       exit (errs);
+     }
+@@ -537,7 +546,11 @@ toremote (char *targ, int argc, char *argv[])
+              if (response () < 0)
+                exit (EXIT_FAILURE);
+              free (bp);
+-             setuid (userid);
+
+             if (setuid (userid) == -1)
+              {
+                error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+              }
+            }
+          source (1, argv + i);
+          close (rem);
+@@ -630,7 +643,12 @@ tolocal (int argc, char *argv[])
+          ++errs;
+          continue;
+        }
+-      seteuid (userid);
+
+      if (seteuid (userid) == -1)
+      {
+        error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
+      }
+
+ #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
+       sslen = sizeof (ss);
+       (void) getpeername (rem, (struct sockaddr *) &ss, &sslen);
+@@ -643,7 +661,12 @@ tolocal (int argc, char *argv[])
+ #endif
+       vect[0] = target;
+       sink (1, vect);
+-      seteuid (effuid);
+
+      if (seteuid (effuid) == -1)
+      {
+        error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
+      }
+
+       close (rem);
+       rem = -1;
+ #ifdef SHISHI
+@@ -1441,7 +1464,11 @@ susystem (char *s, int userid)
+       return (127);
+ 
+     case 0:
+-      setuid (userid);
+      if (setuid (userid) == -1)
+      {
+        error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+      }
+
+       execl (PATH_BSHELL, "sh", "-c", s, NULL);
+       _exit (127);
+     }
+diff --git a/src/rlogin.c b/src/rlogin.c
+index aa6426fb..c543de0c 100644
+--- a/src/rlogin.c
+++ b/src/rlogin.c
+@@ -647,8 +647,15 @@ try_connect:
+   /* Now change to the real user ID.  We have to be set-user-ID root
+      to get the privileged port that rcmd () uses.  We now want, however,
+      to run as the real user who invoked us.  */
+-  seteuid (uid);
+-  setuid (uid);
+  if (seteuid (uid) == -1)
+  {
+    error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
+  }
+
+  if (setuid (uid) == -1)
+  {
+    error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+  }
+ 
+   doit (&osmask);      /* The old mask will activate SIGURG and SIGUSR1!  */
+ 
+diff --git a/src/rsh.c b/src/rsh.c
+index 2d622ca4..6f60667d 100644
+--- a/src/rsh.c
+++ b/src/rsh.c
+@@ -276,8 +276,17 @@ main (int argc, char **argv)
+     {
+       if (asrsh)
+        *argv = (char *) "rlogin";
+-      seteuid (getuid ());
+-      setuid (getuid ());
+
+      if (seteuid (getuid ()) == -1)
+      {
+        error (EXIT_FAILURE, errno, "seteuid() failed");
+      }
+
+      if (setuid (getuid ()) == -1)
+      {
+        error (EXIT_FAILURE, errno, "setuid() failed");
+      }
+
+       execv (PATH_RLOGIN, argv);
+       error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN);
+     }
+@@ -541,8 +550,16 @@ try_connect:
+        error (0, errno, "setsockopt DEBUG (ignored)");
+     }
+ 
+-  seteuid (uid);
+-  setuid (uid);
+  if (seteuid (uid) == -1)
+  {
+    error (EXIT_FAILURE, errno, "seteuid() failed");
+  }
+
+  if (setuid (uid) == -1)
+  {
+    error (EXIT_FAILURE, errno, "setuid() failed");
+  }
+
+ #ifdef HAVE_SIGACTION
+   sigemptyset (&sigs);
+   sigaddset (&sigs, SIGINT);
+diff --git a/src/rshd.c b/src/rshd.c
+index d1c0d0cd..707790e7 100644
+--- a/src/rshd.c
+++ b/src/rshd.c
+@@ -1847,8 +1847,18 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
+     pwd->pw_shell = PATH_BSHELL;
+ 
+   /* Set the gid, then uid to become the user specified by "locuser" */
+-  setegid ((gid_t) pwd->pw_gid);
+-  setgid ((gid_t) pwd->pw_gid);
+  if (setegid ((gid_t) pwd->pw_gid) == -1)
+  {
+    rshd_error ("Cannot drop privileges (setegid() failed)\n");
+    exit (EXIT_FAILURE);
+  }
+
+  if (setgid ((gid_t) pwd->pw_gid) == -1)
+  {
+    rshd_error ("Cannot drop privileges (setgid() failed)\n");
+    exit (EXIT_FAILURE);
+  }
+
+ #ifdef HAVE_INITGROUPS
+   initgroups (pwd->pw_name, pwd->pw_gid);      /* BSD groups */
+ #endif
+@@ -1870,7 +1880,11 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
+     }
+ #endif /* WITH_PAM */
+ 
+-  setuid ((uid_t) pwd->pw_uid);
+  if (setuid ((uid_t) pwd->pw_uid) == -1)
+  {
+    rshd_error ("Cannot drop privileges (setuid() failed)\n");
+    exit (EXIT_FAILURE);
+  }
+ 
+   /* We'll execute the client's command in the home directory
+    * of locuser. Note, that the chdir must be executed after
+diff --git a/src/uucpd.c b/src/uucpd.c
+index 107589e1..29cfce35 100644
+--- a/src/uucpd.c
+++ b/src/uucpd.c
+@@ -252,7 +252,12 @@ doit (struct sockaddr *sap, socklen_t salen)
+   snprintf (Username, sizeof (Username), "USER=%s", user);
+   snprintf (Logname, sizeof (Logname), "LOGNAME=%s", user);
+   dologin (pw, sap, salen);
+-  setgid (pw->pw_gid);
+
+  if (setgid (pw->pw_gid) == -1)
+  {
+    fprintf (stderr, "setgid() failed");
+    return;
+  }
+ #ifdef HAVE_INITGROUPS
+   initgroups (pw->pw_name, pw->pw_gid);
+ #endif
+@@ -261,7 +266,13 @@ doit (struct sockaddr *sap, socklen_t salen)
+       fprintf (stderr, "Login incorrect.");
+       return;
+     }
+-  setuid (pw->pw_uid);
+
+  if (setuid (pw->pw_uid) == -1)
+  {
+    fprintf (stderr, "setuid() failed");
+    return;
+  }
+
+   execl (uucico_location, "uucico", NULL);
+   perror ("uucico server: execl");
+ }
diff --git a/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch b/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch
new file mode 100644
index 0000000000..4bc354d256
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch
@@ -0,0 +1,254 @@
+From 70fe022f9dac760eaece0228cad17e3d29a57fb8 Mon Sep 17 00:00:00 2001
+From: Simon Josefsson <simon@josefsson.org>
+Date: Mon, 31 Jul 2023 13:59:05 +0200
+Subject: [PATCH] CVE-2023-40303: Indent changes in previous commit.
+CVE: CVE-2023-40303
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=9122999252c7e21eb7774de11d539748e7bdf46d]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/rcp.c    | 42 ++++++++++++++++++++++++------------------
+ src/rlogin.c | 12 ++++++------
+ src/rsh.c    | 24 ++++++++++++------------
+ src/rshd.c   | 24 ++++++++++++------------
+ src/uucpd.c  | 16 ++++++++--------
+ 5 files changed, 62 insertions(+), 56 deletions(-)
+diff --git a/src/rcp.c b/src/rcp.c
+index cdcf8500..652f22e6 100644
+--- a/src/rcp.c
+++ b/src/rcp.c
+@@ -347,9 +347,10 @@ main (int argc, char *argv[])
+       response ();
+ 
+       if (setuid (userid) == -1)
+-      {
+-        error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+-      }
+       {
+         error (EXIT_FAILURE, 0,
+                "Could not drop privileges (setuid() failed)");
+       }
+ 
+       source (argc, argv);
+       exit (errs);
+@@ -358,9 +359,10 @@ main (int argc, char *argv[])
+   if (to_option)
+     {                          /* Receive data. */
+       if (setuid (userid) == -1)
+-      {
+-        error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+-      }
+       {
+         error (EXIT_FAILURE, 0,
+                "Could not drop privileges (setuid() failed)");
+       }
+ 
+       sink (argc, argv);
+       exit (errs);
+@@ -548,9 +550,10 @@ toremote (char *targ, int argc, char *argv[])
+              free (bp);
+ 
+              if (setuid (userid) == -1)
+-              {
+-                error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+-              }
+               {
+                 error (EXIT_FAILURE, 0,
+                        "Could not drop privileges (setuid() failed)");
+               }
+            }
+          source (1, argv + i);
+          close (rem);
+@@ -645,9 +648,10 @@ tolocal (int argc, char *argv[])
+        }
+ 
+       if (seteuid (userid) == -1)
+-      {
+-        error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
+-      }
+       {
+         error (EXIT_FAILURE, 0,
+                "Could not drop privileges (seteuid() failed)");
+       }
+ 
+ #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
+       sslen = sizeof (ss);
+@@ -663,9 +667,10 @@ tolocal (int argc, char *argv[])
+       sink (1, vect);
+ 
+       if (seteuid (effuid) == -1)
+-      {
+-        error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
+-      }
+       {
+         error (EXIT_FAILURE, 0,
+                "Could not drop privileges (seteuid() failed)");
+       }
+ 
+       close (rem);
+       rem = -1;
+@@ -1465,9 +1470,10 @@ susystem (char *s, int userid)
+ 
+     case 0:
+       if (setuid (userid) == -1)
+-      {
+-        error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+-      }
+       {
+         error (EXIT_FAILURE, 0,
+                "Could not drop privileges (setuid() failed)");
+       }
+ 
+       execl (PATH_BSHELL, "sh", "-c", s, NULL);
+       _exit (127);
+diff --git a/src/rlogin.c b/src/rlogin.c
+index c543de0c..4360202f 100644
+--- a/src/rlogin.c
+++ b/src/rlogin.c
+@@ -648,14 +648,14 @@ try_connect:
+      to get the privileged port that rcmd () uses.  We now want, however,
+      to run as the real user who invoked us.  */
+   if (seteuid (uid) == -1)
+-  {
+-    error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
+-  }
+    {
+      error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
+    }
+ 
+   if (setuid (uid) == -1)
+-  {
+-    error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+-  }
+    {
+      error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+    }
+ 
+   doit (&osmask);      /* The old mask will activate SIGURG and SIGUSR1!  */
+ 
+diff --git a/src/rsh.c b/src/rsh.c
+index 6f60667d..179b47cd 100644
+--- a/src/rsh.c
+++ b/src/rsh.c
+@@ -278,14 +278,14 @@ main (int argc, char **argv)
+        *argv = (char *) "rlogin";
+ 
+       if (seteuid (getuid ()) == -1)
+-      {
+-        error (EXIT_FAILURE, errno, "seteuid() failed");
+-      }
+       {
+         error (EXIT_FAILURE, errno, "seteuid() failed");
+       }
+ 
+       if (setuid (getuid ()) == -1)
+-      {
+-        error (EXIT_FAILURE, errno, "setuid() failed");
+-      }
+       {
+         error (EXIT_FAILURE, errno, "setuid() failed");
+       }
+ 
+       execv (PATH_RLOGIN, argv);
+       error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN);
+@@ -551,14 +551,14 @@ try_connect:
+     }
+ 
+   if (seteuid (uid) == -1)
+-  {
+-    error (EXIT_FAILURE, errno, "seteuid() failed");
+-  }
+    {
+      error (EXIT_FAILURE, errno, "seteuid() failed");
+    }
+ 
+   if (setuid (uid) == -1)
+-  {
+-    error (EXIT_FAILURE, errno, "setuid() failed");
+-  }
+    {
+      error (EXIT_FAILURE, errno, "setuid() failed");
+    }
+ 
+ #ifdef HAVE_SIGACTION
+   sigemptyset (&sigs);
+diff --git a/src/rshd.c b/src/rshd.c
+index 707790e7..3a153a18 100644
+--- a/src/rshd.c
+++ b/src/rshd.c
+@@ -1848,16 +1848,16 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
+ 
+   /* Set the gid, then uid to become the user specified by "locuser" */
+   if (setegid ((gid_t) pwd->pw_gid) == -1)
+-  {
+-    rshd_error ("Cannot drop privileges (setegid() failed)\n");
+-    exit (EXIT_FAILURE);
+-  }
+    {
+      rshd_error ("Cannot drop privileges (setegid() failed)\n");
+      exit (EXIT_FAILURE);
+    }
+ 
+   if (setgid ((gid_t) pwd->pw_gid) == -1)
+-  {
+-    rshd_error ("Cannot drop privileges (setgid() failed)\n");
+-    exit (EXIT_FAILURE);
+-  }
+    {
+      rshd_error ("Cannot drop privileges (setgid() failed)\n");
+      exit (EXIT_FAILURE);
+    }
+ 
+ #ifdef HAVE_INITGROUPS
+   initgroups (pwd->pw_name, pwd->pw_gid);      /* BSD groups */
+@@ -1881,10 +1881,10 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
+ #endif /* WITH_PAM */
+ 
+   if (setuid ((uid_t) pwd->pw_uid) == -1)
+-  {
+-    rshd_error ("Cannot drop privileges (setuid() failed)\n");
+-    exit (EXIT_FAILURE);
+-  }
+    {
+      rshd_error ("Cannot drop privileges (setuid() failed)\n");
+      exit (EXIT_FAILURE);
+    }
+ 
+   /* We'll execute the client's command in the home directory
+    * of locuser. Note, that the chdir must be executed after
+diff --git a/src/uucpd.c b/src/uucpd.c
+index 29cfce35..fde7b9c9 100644
+--- a/src/uucpd.c
+++ b/src/uucpd.c
+@@ -254,10 +254,10 @@ doit (struct sockaddr *sap, socklen_t salen)
+   dologin (pw, sap, salen);
+ 
+   if (setgid (pw->pw_gid) == -1)
+-  {
+-    fprintf (stderr, "setgid() failed");
+-    return;
+-  }
+    {
+      fprintf (stderr, "setgid() failed");
+      return;
+    }
+ #ifdef HAVE_INITGROUPS
+   initgroups (pw->pw_name, pw->pw_gid);
+ #endif
+@@ -268,10 +268,10 @@ doit (struct sockaddr *sap, socklen_t salen)
+     }
+ 
+   if (setuid (pw->pw_uid) == -1)
+-  {
+-    fprintf (stderr, "setuid() failed");
+-    return;
+-  }
+    {
+      fprintf (stderr, "setuid() failed");
+      return;
+    }
+ 
+   execl (uucico_location, "uucico", NULL);
+   perror ("uucico server: execl");
diff --git a/meta/recipes-connectivity/inetutils/inetutils_2.2.bb b/meta/recipes-connectivity/inetutils/inetutils_2.2.bb
index d8062e2b21..6f9173dbc1 100644
--- a/meta/recipes-connectivity/inetutils/inetutils_2.2.bb
+++ b/meta/recipes-connectivity/inetutils/inetutils_2.2.bb
@@ -22,6 +22,8 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \
           file://inetutils-1.9-PATH_PROCNET_DEV.patch \
           file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \
           file://CVE-2022-39028.patch \
+           file://0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch \
+           file://0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch \
 "
 inherit autotools gettext update-alternatives texinfo
author	Vijay Anusuri <vanusuri@mvista.com>	2023-08-29 08:26:23 +0530
committer	Steve Sakoman <steve@sakoman.com>	2023-09-08 16:09:41 -1000
commit	a56109b944049152635f86d5bcde58a7996718a0 (patch)
tree	20c0ac945ca0546b3413187e1d11de38128c8088
parent	b19575391d7f5909001a310450db22fc54500e47 (diff)
download	poky-a56109b944049152635f86d5bcde58a7996718a0.tar.gz

diff --git a/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch b/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch new file mode 100644 index 0000000000..7f5baf3637 --- /dev/null +++ b/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch
@@ -0,0 +1,280 @@
		1	From 703418fe9d2e3b1e8d594df5788d8001a8116265 Mon Sep 17 00:00:00 2001
		2	From: Jeffrey Bencteux <jeffbencteux@gmail.com>
		3	Date: Fri, 30 Jun 2023 19:02:45 +0200
		4	Subject: [PATCH] CVE-2023-40303: ftpd,rcp,rlogin,rsh,rshd,uucpd: fix: check
		5	set*id() return values
		6
		7	Several setuid(), setgid(), seteuid() and setguid() return values
		8	were not checked in ftpd/rcp/rlogin/rsh/rshd/uucpd code potentially
		9	leading to potential security issues.
		10
		11	CVE: CVE-2023-40303
		12	Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6]
		13	Signed-off-by: Jeffrey Bencteux <jeffbencteux@gmail.com>
		14	Signed-off-by: Simon Josefsson <simon@josefsson.org>
		15	Signed-off-by: Khem Raj <raj.khem@gmail.com>
		16	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
		17	---
		18	ftpd/ftpd.c \| 10 +++++++---
		19	src/rcp.c \| 39 +++++++++++++++++++++++++++++++++------
		20	src/rlogin.c \| 11 +++++++++--
		21	src/rsh.c \| 25 +++++++++++++++++++++----
		22	src/rshd.c \| 20 +++++++++++++++++---
		23	src/uucpd.c \| 15 +++++++++++++--
		24	6 files changed, 100 insertions(+), 20 deletions(-)
		25
		26	diff --git a/ftpd/ftpd.c b/ftpd/ftpd.c
		27	index 92b2cca5..28dd523f 100644
		28	--- a/ftpd/ftpd.c
		29	+++ b/ftpd/ftpd.c
		30	@@ -862,7 +862,9 @@ end_login (struct credentials *pcred)
		31	char *remotehost = pcred->remotehost;
		32	int atype = pcred->auth_type;
		33
		34	- seteuid ((uid_t) 0);
		35	+ if (seteuid ((uid_t) 0) == -1)
		36	+ _exit (EXIT_FAILURE);
		37	+
		38	if (pcred->logged_in)
		39	{
		40	logwtmp_keep_open (ttyline, "", "");
		41	@@ -1151,7 +1153,8 @@ getdatasock (const char *mode)
		42
		43	if (data >= 0)
		44	return fdopen (data, mode);
		45	- seteuid ((uid_t) 0);
		46	+ if (seteuid ((uid_t) 0) == -1)
		47	+ _exit (EXIT_FAILURE);
		48	s = socket (ctrl_addr.ss_family, SOCK_STREAM, 0);
		49	if (s < 0)
		50	goto bad;
		51	@@ -1978,7 +1981,8 @@ passive (int epsv, int af)
		52	else /* !AF_INET6 */
		53	((struct sockaddr_in *) &pasv_addr)->sin_port = 0;
		54
		55	- seteuid ((uid_t) 0);
		56	+ if (seteuid ((uid_t) 0) == -1)
		57	+ _exit (EXIT_FAILURE);
		58	if (bind (pdata, (struct sockaddr *) &pasv_addr, pasv_addrlen) < 0)
		59	{
		60	if (seteuid ((uid_t) cred.uid))
		61	diff --git a/src/rcp.c b/src/rcp.c
		62	index 75adb253..cdcf8500 100644
		63	--- a/src/rcp.c
		64	+++ b/src/rcp.c
		65	@@ -345,14 +345,23 @@ main (int argc, char *argv[])
		66	if (from_option)
		67	{ /* Follow "protocol", send data. */
		68	response ();
		69	- setuid (userid);
		70	+
		71	+ if (setuid (userid) == -1)
		72	+ {
		73	+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
		74	+ }
		75	+
		76	source (argc, argv);
		77	exit (errs);
		78	}
		79
		80	if (to_option)
		81	{ /* Receive data. */
		82	- setuid (userid);
		83	+ if (setuid (userid) == -1)
		84	+ {
		85	+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
		86	+ }
		87	+
		88	sink (argc, argv);
		89	exit (errs);
		90	}
		91	@@ -537,7 +546,11 @@ toremote (char targ, int argc, char argv[])
		92	if (response () < 0)
		93	exit (EXIT_FAILURE);
		94	free (bp);
		95	- setuid (userid);
		96	+
		97	+ if (setuid (userid) == -1)
		98	+ {
		99	+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
		100	+ }
		101	}
		102	source (1, argv + i);
		103	close (rem);
		104	@@ -630,7 +643,12 @@ tolocal (int argc, char *argv[])
		105	++errs;
		106	continue;
		107	}
		108	- seteuid (userid);
		109	+
		110	+ if (seteuid (userid) == -1)
		111	+ {
		112	+ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
		113	+ }
		114	+
		115	#if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
		116	sslen = sizeof (ss);
		117	(void) getpeername (rem, (struct sockaddr *) &ss, &sslen);
		118	@@ -643,7 +661,12 @@ tolocal (int argc, char *argv[])
		119	#endif
		120	vect[0] = target;
		121	sink (1, vect);
		122	- seteuid (effuid);
		123	+
		124	+ if (seteuid (effuid) == -1)
		125	+ {
		126	+ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
		127	+ }
		128	+
		129	close (rem);
		130	rem = -1;
		131	#ifdef SHISHI
		132	@@ -1441,7 +1464,11 @@ susystem (char *s, int userid)
		133	return (127);
		134
		135	case 0:
		136	- setuid (userid);
		137	+ if (setuid (userid) == -1)
		138	+ {
		139	+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
		140	+ }
		141	+
		142	execl (PATH_BSHELL, "sh", "-c", s, NULL);
		143	_exit (127);
		144	}
		145	diff --git a/src/rlogin.c b/src/rlogin.c
		146	index aa6426fb..c543de0c 100644
		147	--- a/src/rlogin.c
		148	+++ b/src/rlogin.c
		149	@@ -647,8 +647,15 @@ try_connect:
		150	/* Now change to the real user ID. We have to be set-user-ID root
		151	to get the privileged port that rcmd () uses. We now want, however,
		152	to run as the real user who invoked us. */
		153	- seteuid (uid);
		154	- setuid (uid);
		155	+ if (seteuid (uid) == -1)
		156	+ {
		157	+ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
		158	+ }
		159	+
		160	+ if (setuid (uid) == -1)
		161	+ {
		162	+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
		163	+ }
		164
		165	doit (&osmask); /* The old mask will activate SIGURG and SIGUSR1! */
		166
		167	diff --git a/src/rsh.c b/src/rsh.c
		168	index 2d622ca4..6f60667d 100644
		169	--- a/src/rsh.c
		170	+++ b/src/rsh.c
		171	@@ -276,8 +276,17 @@ main (int argc, char **argv)
		172	{
		173	if (asrsh)
		174	argv = (char ) "rlogin";
		175	- seteuid (getuid ());
		176	- setuid (getuid ());
		177	+
		178	+ if (seteuid (getuid ()) == -1)
		179	+ {
		180	+ error (EXIT_FAILURE, errno, "seteuid() failed");
		181	+ }
		182	+
		183	+ if (setuid (getuid ()) == -1)
		184	+ {
		185	+ error (EXIT_FAILURE, errno, "setuid() failed");
		186	+ }
		187	+
		188	execv (PATH_RLOGIN, argv);
		189	error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN);
		190	}
		191	@@ -541,8 +550,16 @@ try_connect:
		192	error (0, errno, "setsockopt DEBUG (ignored)");
		193	}
		194
		195	- seteuid (uid);
		196	- setuid (uid);
		197	+ if (seteuid (uid) == -1)
		198	+ {
		199	+ error (EXIT_FAILURE, errno, "seteuid() failed");
		200	+ }
		201	+
		202	+ if (setuid (uid) == -1)
		203	+ {
		204	+ error (EXIT_FAILURE, errno, "setuid() failed");
		205	+ }
		206	+
		207	#ifdef HAVE_SIGACTION
		208	sigemptyset (&sigs);
		209	sigaddset (&sigs, SIGINT);
		210	diff --git a/src/rshd.c b/src/rshd.c
		211	index d1c0d0cd..707790e7 100644
		212	--- a/src/rshd.c
		213	+++ b/src/rshd.c
		214	@@ -1847,8 +1847,18 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
		215	pwd->pw_shell = PATH_BSHELL;
		216
		217	/* Set the gid, then uid to become the user specified by "locuser" */
		218	- setegid ((gid_t) pwd->pw_gid);
		219	- setgid ((gid_t) pwd->pw_gid);
		220	+ if (setegid ((gid_t) pwd->pw_gid) == -1)
		221	+ {
		222	+ rshd_error ("Cannot drop privileges (setegid() failed)\n");
		223	+ exit (EXIT_FAILURE);
		224	+ }
		225	+
		226	+ if (setgid ((gid_t) pwd->pw_gid) == -1)
		227	+ {
		228	+ rshd_error ("Cannot drop privileges (setgid() failed)\n");
		229	+ exit (EXIT_FAILURE);
		230	+ }
		231	+
		232	#ifdef HAVE_INITGROUPS
		233	initgroups (pwd->pw_name, pwd->pw_gid); /* BSD groups */
		234	#endif
		235	@@ -1870,7 +1880,11 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
		236	}
		237	#endif /* WITH_PAM */
		238
		239	- setuid ((uid_t) pwd->pw_uid);
		240	+ if (setuid ((uid_t) pwd->pw_uid) == -1)
		241	+ {
		242	+ rshd_error ("Cannot drop privileges (setuid() failed)\n");
		243	+ exit (EXIT_FAILURE);
		244	+ }
		245
		246	/* We'll execute the client's command in the home directory
		247	* of locuser. Note, that the chdir must be executed after
		248	diff --git a/src/uucpd.c b/src/uucpd.c
		249	index 107589e1..29cfce35 100644
		250	--- a/src/uucpd.c
		251	+++ b/src/uucpd.c
		252	@@ -252,7 +252,12 @@ doit (struct sockaddr *sap, socklen_t salen)
		253	snprintf (Username, sizeof (Username), "USER=%s", user);
		254	snprintf (Logname, sizeof (Logname), "LOGNAME=%s", user);
		255	dologin (pw, sap, salen);
		256	- setgid (pw->pw_gid);
		257	+
		258	+ if (setgid (pw->pw_gid) == -1)
		259	+ {
		260	+ fprintf (stderr, "setgid() failed");
		261	+ return;
		262	+ }
		263	#ifdef HAVE_INITGROUPS
		264	initgroups (pw->pw_name, pw->pw_gid);
		265	#endif
		266	@@ -261,7 +266,13 @@ doit (struct sockaddr *sap, socklen_t salen)
		267	fprintf (stderr, "Login incorrect.");
		268	return;
		269	}
		270	- setuid (pw->pw_uid);
		271	+
		272	+ if (setuid (pw->pw_uid) == -1)
		273	+ {
		274	+ fprintf (stderr, "setuid() failed");
		275	+ return;
		276	+ }
		277	+
		278	execl (uucico_location, "uucico", NULL);
		279	perror ("uucico server: execl");
		280	}


diff --git a/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch b/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch new file mode 100644 index 0000000000..4bc354d256 --- /dev/null +++ b/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch
@@ -0,0 +1,254 @@
		1	From 70fe022f9dac760eaece0228cad17e3d29a57fb8 Mon Sep 17 00:00:00 2001
		2	From: Simon Josefsson <simon@josefsson.org>
		3	Date: Mon, 31 Jul 2023 13:59:05 +0200
		4	Subject: [PATCH] CVE-2023-40303: Indent changes in previous commit.
		5
		6	CVE: CVE-2023-40303
		7	Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=9122999252c7e21eb7774de11d539748e7bdf46d]
		8	Signed-off-by: Khem Raj <raj.khem@gmail.com>
		9	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
		10	---
		11	src/rcp.c \| 42 ++++++++++++++++++++++++------------------
		12	src/rlogin.c \| 12 ++++++------
		13	src/rsh.c \| 24 ++++++++++++------------
		14	src/rshd.c \| 24 ++++++++++++------------
		15	src/uucpd.c \| 16 ++++++++--------
		16	5 files changed, 62 insertions(+), 56 deletions(-)
		17
		18	diff --git a/src/rcp.c b/src/rcp.c
		19	index cdcf8500..652f22e6 100644
		20	--- a/src/rcp.c
		21	+++ b/src/rcp.c
		22	@@ -347,9 +347,10 @@ main (int argc, char *argv[])
		23	response ();
		24
		25	if (setuid (userid) == -1)
		26	- {
		27	- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
		28	- }
		29	+ {
		30	+ error (EXIT_FAILURE, 0,
		31	+ "Could not drop privileges (setuid() failed)");
		32	+ }
		33
		34	source (argc, argv);
		35	exit (errs);
		36	@@ -358,9 +359,10 @@ main (int argc, char *argv[])
		37	if (to_option)
		38	{ /* Receive data. */
		39	if (setuid (userid) == -1)
		40	- {
		41	- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
		42	- }
		43	+ {
		44	+ error (EXIT_FAILURE, 0,
		45	+ "Could not drop privileges (setuid() failed)");
		46	+ }
		47
		48	sink (argc, argv);
		49	exit (errs);
		50	@@ -548,9 +550,10 @@ toremote (char targ, int argc, char argv[])
		51	free (bp);
		52
		53	if (setuid (userid) == -1)
		54	- {
		55	- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
		56	- }
		57	+ {
		58	+ error (EXIT_FAILURE, 0,
		59	+ "Could not drop privileges (setuid() failed)");
		60	+ }
		61	}
		62	source (1, argv + i);
		63	close (rem);
		64	@@ -645,9 +648,10 @@ tolocal (int argc, char *argv[])
		65	}
		66
		67	if (seteuid (userid) == -1)
		68	- {
		69	- error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
		70	- }
		71	+ {
		72	+ error (EXIT_FAILURE, 0,
		73	+ "Could not drop privileges (seteuid() failed)");
		74	+ }
		75
		76	#if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
		77	sslen = sizeof (ss);
		78	@@ -663,9 +667,10 @@ tolocal (int argc, char *argv[])
		79	sink (1, vect);
		80
		81	if (seteuid (effuid) == -1)
		82	- {
		83	- error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
		84	- }
		85	+ {
		86	+ error (EXIT_FAILURE, 0,
		87	+ "Could not drop privileges (seteuid() failed)");
		88	+ }
		89
		90	close (rem);
		91	rem = -1;
		92	@@ -1465,9 +1470,10 @@ susystem (char *s, int userid)
		93
		94	case 0:
		95	if (setuid (userid) == -1)
		96	- {
		97	- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
		98	- }
		99	+ {
		100	+ error (EXIT_FAILURE, 0,
		101	+ "Could not drop privileges (setuid() failed)");
		102	+ }
		103
		104	execl (PATH_BSHELL, "sh", "-c", s, NULL);
		105	_exit (127);
		106	diff --git a/src/rlogin.c b/src/rlogin.c
		107	index c543de0c..4360202f 100644
		108	--- a/src/rlogin.c
		109	+++ b/src/rlogin.c
		110	@@ -648,14 +648,14 @@ try_connect:
		111	to get the privileged port that rcmd () uses. We now want, however,
		112	to run as the real user who invoked us. */
		113	if (seteuid (uid) == -1)
		114	- {
		115	- error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
		116	- }
		117	+ {
		118	+ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
		119	+ }
		120
		121	if (setuid (uid) == -1)
		122	- {
		123	- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
		124	- }
		125	+ {
		126	+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
		127	+ }
		128
		129	doit (&osmask); /* The old mask will activate SIGURG and SIGUSR1! */
		130
		131	diff --git a/src/rsh.c b/src/rsh.c
		132	index 6f60667d..179b47cd 100644
		133	--- a/src/rsh.c
		134	+++ b/src/rsh.c
		135	@@ -278,14 +278,14 @@ main (int argc, char **argv)
		136	argv = (char ) "rlogin";
		137
		138	if (seteuid (getuid ()) == -1)
		139	- {
		140	- error (EXIT_FAILURE, errno, "seteuid() failed");
		141	- }
		142	+ {
		143	+ error (EXIT_FAILURE, errno, "seteuid() failed");
		144	+ }
		145
		146	if (setuid (getuid ()) == -1)
		147	- {
		148	- error (EXIT_FAILURE, errno, "setuid() failed");
		149	- }
		150	+ {
		151	+ error (EXIT_FAILURE, errno, "setuid() failed");
		152	+ }
		153
		154	execv (PATH_RLOGIN, argv);
		155	error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN);
		156	@@ -551,14 +551,14 @@ try_connect:
		157	}
		158
		159	if (seteuid (uid) == -1)
		160	- {
		161	- error (EXIT_FAILURE, errno, "seteuid() failed");
		162	- }
		163	+ {
		164	+ error (EXIT_FAILURE, errno, "seteuid() failed");
		165	+ }
		166
		167	if (setuid (uid) == -1)
		168	- {
		169	- error (EXIT_FAILURE, errno, "setuid() failed");
		170	- }
		171	+ {
		172	+ error (EXIT_FAILURE, errno, "setuid() failed");
		173	+ }
		174
		175	#ifdef HAVE_SIGACTION
		176	sigemptyset (&sigs);
		177	diff --git a/src/rshd.c b/src/rshd.c
		178	index 707790e7..3a153a18 100644
		179	--- a/src/rshd.c
		180	+++ b/src/rshd.c
		181	@@ -1848,16 +1848,16 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
		182
		183	/* Set the gid, then uid to become the user specified by "locuser" */
		184	if (setegid ((gid_t) pwd->pw_gid) == -1)
		185	- {
		186	- rshd_error ("Cannot drop privileges (setegid() failed)\n");
		187	- exit (EXIT_FAILURE);
		188	- }
		189	+ {
		190	+ rshd_error ("Cannot drop privileges (setegid() failed)\n");
		191	+ exit (EXIT_FAILURE);
		192	+ }
		193
		194	if (setgid ((gid_t) pwd->pw_gid) == -1)
		195	- {
		196	- rshd_error ("Cannot drop privileges (setgid() failed)\n");
		197	- exit (EXIT_FAILURE);
		198	- }
		199	+ {
		200	+ rshd_error ("Cannot drop privileges (setgid() failed)\n");
		201	+ exit (EXIT_FAILURE);
		202	+ }
		203
		204	#ifdef HAVE_INITGROUPS
		205	initgroups (pwd->pw_name, pwd->pw_gid); /* BSD groups */
		206	@@ -1881,10 +1881,10 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
		207	#endif /* WITH_PAM */
		208
		209	if (setuid ((uid_t) pwd->pw_uid) == -1)
		210	- {
		211	- rshd_error ("Cannot drop privileges (setuid() failed)\n");
		212	- exit (EXIT_FAILURE);
		213	- }
		214	+ {
		215	+ rshd_error ("Cannot drop privileges (setuid() failed)\n");
		216	+ exit (EXIT_FAILURE);
		217	+ }
		218
		219	/* We'll execute the client's command in the home directory
		220	* of locuser. Note, that the chdir must be executed after
		221	diff --git a/src/uucpd.c b/src/uucpd.c
		222	index 29cfce35..fde7b9c9 100644
		223	--- a/src/uucpd.c
		224	+++ b/src/uucpd.c
		225	@@ -254,10 +254,10 @@ doit (struct sockaddr *sap, socklen_t salen)
		226	dologin (pw, sap, salen);
		227
		228	if (setgid (pw->pw_gid) == -1)
		229	- {
		230	- fprintf (stderr, "setgid() failed");
		231	- return;
		232	- }
		233	+ {
		234	+ fprintf (stderr, "setgid() failed");
		235	+ return;
		236	+ }
		237	#ifdef HAVE_INITGROUPS
		238	initgroups (pw->pw_name, pw->pw_gid);
		239	#endif
		240	@@ -268,10 +268,10 @@ doit (struct sockaddr *sap, socklen_t salen)
		241	}
		242
		243	if (setuid (pw->pw_uid) == -1)
		244	- {
		245	- fprintf (stderr, "setuid() failed");
		246	- return;
		247	- }
		248	+ {
		249	+ fprintf (stderr, "setuid() failed");
		250	+ return;
		251	+ }
		252
		253	execl (uucico_location, "uucico", NULL);
		254	perror ("uucico server: execl");


diff --git a/meta/recipes-connectivity/inetutils/inetutils_2.2.bb b/meta/recipes-connectivity/inetutils/inetutils_2.2.bb index d8062e2b21..6f9173dbc1 100644 --- a/meta/recipes-connectivity/inetutils/inetutils_2.2.bb +++ b/meta/recipes-connectivity/inetutils/inetutils_2.2.bb
@@ -22,6 +22,8 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \
22	file://inetutils-1.9-PATH_PROCNET_DEV.patch \	22	file://inetutils-1.9-PATH_PROCNET_DEV.patch \
23	file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \	23	file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \
24	file://CVE-2022-39028.patch \	24	file://CVE-2022-39028.patch \
		25	file://0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch \
		26	file://0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch \
25	"	27	"
26		28
27	inherit autotools gettext update-alternatives texinfo	29	inherit autotools gettext update-alternatives texinfo