3 files changed, 534 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch b/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch
new file mode 100644
index 0000000000..70bd98897d
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch
@@ -0,0 +1,279 @@
+From 703418fe9d2e3b1e8d594df5788d8001a8116265 Mon Sep 17 00:00:00 2001
+From: Jeffrey Bencteux <jeffbencteux@gmail.com>
+Date: Fri, 30 Jun 2023 19:02:45 +0200
+Subject: [PATCH] CVE-2023-40303: ftpd,rcp,rlogin,rsh,rshd,uucpd: fix: check
+ set*id() return values
+Several setuid(), setgid(), seteuid() and setguid() return values
+were not checked in ftpd/rcp/rlogin/rsh/rshd/uucpd code potentially
+leading to potential security issues.
+CVE: CVE-2023-40303
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6]
+Signed-off-by: Jeffrey Bencteux <jeffbencteux@gmail.com>
+Signed-off-by: Simon Josefsson <simon@josefsson.org>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ ftpd/ftpd.c  | 10 +++++++---
+ src/rcp.c    | 39 +++++++++++++++++++++++++++++++++------
+ src/rlogin.c | 11 +++++++++--
+ src/rsh.c    | 25 +++++++++++++++++++++----
+ src/rshd.c   | 20 +++++++++++++++++---
+ src/uucpd.c  | 15 +++++++++++++--
+ 6 files changed, 100 insertions(+), 20 deletions(-)
+diff --git a/ftpd/ftpd.c b/ftpd/ftpd.c
+index 92b2cca5..28dd523f 100644
+--- a/ftpd/ftpd.c
+++ b/ftpd/ftpd.c
+@@ -862,7 +862,9 @@ end_login (struct credentials *pcred)
+   char *remotehost = pcred->remotehost;
+   int atype = pcred->auth_type;
+ 
+-  seteuid ((uid_t) 0);
+  if (seteuid ((uid_t) 0) == -1)
+    _exit (EXIT_FAILURE);
+
+   if (pcred->logged_in)
+     {
+       logwtmp_keep_open (ttyline, "", "");
+@@ -1151,7 +1153,8 @@ getdatasock (const char *mode)
+ 
+   if (data >= 0)
+     return fdopen (data, mode);
+-  seteuid ((uid_t) 0);
+  if (seteuid ((uid_t) 0) == -1)
+    _exit (EXIT_FAILURE);
+   s = socket (ctrl_addr.ss_family, SOCK_STREAM, 0);
+   if (s < 0)
+     goto bad;
+@@ -1978,7 +1981,8 @@ passive (int epsv, int af)
+   else /* !AF_INET6 */
+     ((struct sockaddr_in *) &pasv_addr)->sin_port = 0;
+ 
+-  seteuid ((uid_t) 0);
+  if (seteuid ((uid_t) 0) == -1)
+    _exit (EXIT_FAILURE);
+   if (bind (pdata, (struct sockaddr *) &pasv_addr, pasv_addrlen) < 0)
+     {
+       if (seteuid ((uid_t) cred.uid))
+diff --git a/src/rcp.c b/src/rcp.c
+index 75adb253..cdcf8500 100644
+--- a/src/rcp.c
+++ b/src/rcp.c
+@@ -345,14 +345,23 @@ main (int argc, char *argv[])
+   if (from_option)
+     {                          /* Follow "protocol", send data. */
+       response ();
+-      setuid (userid);
+
+      if (setuid (userid) == -1)
+      {
+        error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+      }
+
+       source (argc, argv);
+       exit (errs);
+     }
+ 
+   if (to_option)
+     {                          /* Receive data. */
+-      setuid (userid);
+      if (setuid (userid) == -1)
+      {
+        error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+      }
+
+       sink (argc, argv);
+       exit (errs);
+     }
+@@ -537,7 +546,11 @@ toremote (char *targ, int argc, char *argv[])
+              if (response () < 0)
+                exit (EXIT_FAILURE);
+              free (bp);
+-             setuid (userid);
+
+             if (setuid (userid) == -1)
+              {
+                error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+              }
+            }
+          source (1, argv + i);
+          close (rem);
+@@ -630,7 +643,12 @@ tolocal (int argc, char *argv[])
+          ++errs;
+          continue;
+        }
+-      seteuid (userid);
+
+      if (seteuid (userid) == -1)
+      {
+        error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
+      }
+
+ #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
+       sslen = sizeof (ss);
+       (void) getpeername (rem, (struct sockaddr *) &ss, &sslen);
+@@ -643,7 +661,12 @@ tolocal (int argc, char *argv[])
+ #endif
+       vect[0] = target;
+       sink (1, vect);
+-      seteuid (effuid);
+
+      if (seteuid (effuid) == -1)
+      {
+        error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
+      }
+
+       close (rem);
+       rem = -1;
+ #ifdef SHISHI
+@@ -1441,7 +1464,11 @@ susystem (char *s, int userid)
+       return (127);
+ 
+     case 0:
+-      setuid (userid);
+      if (setuid (userid) == -1)
+      {
+        error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+      }
+
+       execl (PATH_BSHELL, "sh", "-c", s, NULL);
+       _exit (127);
+     }
+diff --git a/src/rlogin.c b/src/rlogin.c
+index aa6426fb..c543de0c 100644
+--- a/src/rlogin.c
+++ b/src/rlogin.c
+@@ -647,8 +647,15 @@ try_connect:
+   /* Now change to the real user ID.  We have to be set-user-ID root
+      to get the privileged port that rcmd () uses.  We now want, however,
+      to run as the real user who invoked us.  */
+-  seteuid (uid);
+-  setuid (uid);
+  if (seteuid (uid) == -1)
+  {
+    error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
+  }
+
+  if (setuid (uid) == -1)
+  {
+    error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+  }
+ 
+   doit (&osmask);      /* The old mask will activate SIGURG and SIGUSR1!  */
+ 
+diff --git a/src/rsh.c b/src/rsh.c
+index 2d622ca4..6f60667d 100644
+--- a/src/rsh.c
+++ b/src/rsh.c
+@@ -276,8 +276,17 @@ main (int argc, char **argv)
+     {
+       if (asrsh)
+        *argv = (char *) "rlogin";
+-      seteuid (getuid ());
+-      setuid (getuid ());
+
+      if (seteuid (getuid ()) == -1)
+      {
+        error (EXIT_FAILURE, errno, "seteuid() failed");
+      }
+
+      if (setuid (getuid ()) == -1)
+      {
+        error (EXIT_FAILURE, errno, "setuid() failed");
+      }
+
+       execv (PATH_RLOGIN, argv);
+       error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN);
+     }
+@@ -541,8 +550,16 @@ try_connect:
+        error (0, errno, "setsockopt DEBUG (ignored)");
+     }
+ 
+-  seteuid (uid);
+-  setuid (uid);
+  if (seteuid (uid) == -1)
+  {
+    error (EXIT_FAILURE, errno, "seteuid() failed");
+  }
+
+  if (setuid (uid) == -1)
+  {
+    error (EXIT_FAILURE, errno, "setuid() failed");
+  }
+
+ #ifdef HAVE_SIGACTION
+   sigemptyset (&sigs);
+   sigaddset (&sigs, SIGINT);
+diff --git a/src/rshd.c b/src/rshd.c
+index d1c0d0cd..707790e7 100644
+--- a/src/rshd.c
+++ b/src/rshd.c
+@@ -1847,8 +1847,18 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
+     pwd->pw_shell = PATH_BSHELL;
+ 
+   /* Set the gid, then uid to become the user specified by "locuser" */
+-  setegid ((gid_t) pwd->pw_gid);
+-  setgid ((gid_t) pwd->pw_gid);
+  if (setegid ((gid_t) pwd->pw_gid) == -1)
+  {
+    rshd_error ("Cannot drop privileges (setegid() failed)\n");
+    exit (EXIT_FAILURE);
+  }
+
+  if (setgid ((gid_t) pwd->pw_gid) == -1)
+  {
+    rshd_error ("Cannot drop privileges (setgid() failed)\n");
+    exit (EXIT_FAILURE);
+  }
+
+ #ifdef HAVE_INITGROUPS
+   initgroups (pwd->pw_name, pwd->pw_gid);      /* BSD groups */
+ #endif
+@@ -1870,7 +1880,11 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
+     }
+ #endif /* WITH_PAM */
+ 
+-  setuid ((uid_t) pwd->pw_uid);
+  if (setuid ((uid_t) pwd->pw_uid) == -1)
+  {
+    rshd_error ("Cannot drop privileges (setuid() failed)\n");
+    exit (EXIT_FAILURE);
+  }
+ 
+   /* We'll execute the client's command in the home directory
+    * of locuser. Note, that the chdir must be executed after
+diff --git a/src/uucpd.c b/src/uucpd.c
+index 107589e1..29cfce35 100644
+--- a/src/uucpd.c
+++ b/src/uucpd.c
+@@ -252,7 +252,12 @@ doit (struct sockaddr *sap, socklen_t salen)
+   snprintf (Username, sizeof (Username), "USER=%s", user);
+   snprintf (Logname, sizeof (Logname), "LOGNAME=%s", user);
+   dologin (pw, sap, salen);
+-  setgid (pw->pw_gid);
+
+  if (setgid (pw->pw_gid) == -1)
+  {
+    fprintf (stderr, "setgid() failed");
+    return;
+  }
+ #ifdef HAVE_INITGROUPS
+   initgroups (pw->pw_name, pw->pw_gid);
+ #endif
+@@ -261,7 +266,13 @@ doit (struct sockaddr *sap, socklen_t salen)
+       fprintf (stderr, "Login incorrect.");
+       return;
+     }
+-  setuid (pw->pw_uid);
+
+  if (setuid (pw->pw_uid) == -1)
+  {
+    fprintf (stderr, "setuid() failed");
+    return;
+  }
+
+   execl (uucico_location, "uucico", NULL);
+   perror ("uucico server: execl");
+ }
diff --git a/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch b/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch
new file mode 100644
index 0000000000..1b972aac29
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch
@@ -0,0 +1,253 @@
+From 70fe022f9dac760eaece0228cad17e3d29a57fb8 Mon Sep 17 00:00:00 2001
+From: Simon Josefsson <simon@josefsson.org>
+Date: Mon, 31 Jul 2023 13:59:05 +0200
+Subject: [PATCH] CVE-2023-40303: Indent changes in previous commit.
+CVE: CVE-2023-40303
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=9122999252c7e21eb7774de11d539748e7bdf46d]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/rcp.c    | 42 ++++++++++++++++++++++++------------------
+ src/rlogin.c | 12 ++++++------
+ src/rsh.c    | 24 ++++++++++++------------
+ src/rshd.c   | 24 ++++++++++++------------
+ src/uucpd.c  | 16 ++++++++--------
+ 5 files changed, 62 insertions(+), 56 deletions(-)
+diff --git a/src/rcp.c b/src/rcp.c
+index cdcf8500..652f22e6 100644
+--- a/src/rcp.c
+++ b/src/rcp.c
+@@ -347,9 +347,10 @@ main (int argc, char *argv[])
+       response ();
+ 
+       if (setuid (userid) == -1)
+-      {
+-        error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+-      }
+       {
+         error (EXIT_FAILURE, 0,
+                "Could not drop privileges (setuid() failed)");
+       }
+ 
+       source (argc, argv);
+       exit (errs);
+@@ -358,9 +359,10 @@ main (int argc, char *argv[])
+   if (to_option)
+     {                          /* Receive data. */
+       if (setuid (userid) == -1)
+-      {
+-        error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+-      }
+       {
+         error (EXIT_FAILURE, 0,
+                "Could not drop privileges (setuid() failed)");
+       }
+ 
+       sink (argc, argv);
+       exit (errs);
+@@ -548,9 +550,10 @@ toremote (char *targ, int argc, char *argv[])
+              free (bp);
+ 
+              if (setuid (userid) == -1)
+-              {
+-                error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+-              }
+               {
+                 error (EXIT_FAILURE, 0,
+                        "Could not drop privileges (setuid() failed)");
+               }
+            }
+          source (1, argv + i);
+          close (rem);
+@@ -645,9 +648,10 @@ tolocal (int argc, char *argv[])
+        }
+ 
+       if (seteuid (userid) == -1)
+-      {
+-        error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
+-      }
+       {
+         error (EXIT_FAILURE, 0,
+                "Could not drop privileges (seteuid() failed)");
+       }
+ 
+ #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
+       sslen = sizeof (ss);
+@@ -663,9 +667,10 @@ tolocal (int argc, char *argv[])
+       sink (1, vect);
+ 
+       if (seteuid (effuid) == -1)
+-      {
+-        error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
+-      }
+       {
+         error (EXIT_FAILURE, 0,
+                "Could not drop privileges (seteuid() failed)");
+       }
+ 
+       close (rem);
+       rem = -1;
+@@ -1465,9 +1470,10 @@ susystem (char *s, int userid)
+ 
+     case 0:
+       if (setuid (userid) == -1)
+-      {
+-        error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+-      }
+       {
+         error (EXIT_FAILURE, 0,
+                "Could not drop privileges (setuid() failed)");
+       }
+ 
+       execl (PATH_BSHELL, "sh", "-c", s, NULL);
+       _exit (127);
+diff --git a/src/rlogin.c b/src/rlogin.c
+index c543de0c..4360202f 100644
+--- a/src/rlogin.c
+++ b/src/rlogin.c
+@@ -648,14 +648,14 @@ try_connect:
+      to get the privileged port that rcmd () uses.  We now want, however,
+      to run as the real user who invoked us.  */
+   if (seteuid (uid) == -1)
+-  {
+-    error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
+-  }
+    {
+      error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
+    }
+ 
+   if (setuid (uid) == -1)
+-  {
+-    error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+-  }
+    {
+      error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+    }
+ 
+   doit (&osmask);      /* The old mask will activate SIGURG and SIGUSR1!  */
+ 
+diff --git a/src/rsh.c b/src/rsh.c
+index 6f60667d..179b47cd 100644
+--- a/src/rsh.c
+++ b/src/rsh.c
+@@ -278,14 +278,14 @@ main (int argc, char **argv)
+        *argv = (char *) "rlogin";
+ 
+       if (seteuid (getuid ()) == -1)
+-      {
+-        error (EXIT_FAILURE, errno, "seteuid() failed");
+-      }
+       {
+         error (EXIT_FAILURE, errno, "seteuid() failed");
+       }
+ 
+       if (setuid (getuid ()) == -1)
+-      {
+-        error (EXIT_FAILURE, errno, "setuid() failed");
+-      }
+       {
+         error (EXIT_FAILURE, errno, "setuid() failed");
+       }
+ 
+       execv (PATH_RLOGIN, argv);
+       error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN);
+@@ -551,14 +551,14 @@ try_connect:
+     }
+ 
+   if (seteuid (uid) == -1)
+-  {
+-    error (EXIT_FAILURE, errno, "seteuid() failed");
+-  }
+    {
+      error (EXIT_FAILURE, errno, "seteuid() failed");
+    }
+ 
+   if (setuid (uid) == -1)
+-  {
+-    error (EXIT_FAILURE, errno, "setuid() failed");
+-  }
+    {
+      error (EXIT_FAILURE, errno, "setuid() failed");
+    }
+ 
+ #ifdef HAVE_SIGACTION
+   sigemptyset (&sigs);
+diff --git a/src/rshd.c b/src/rshd.c
+index 707790e7..3a153a18 100644
+--- a/src/rshd.c
+++ b/src/rshd.c
+@@ -1848,16 +1848,16 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
+ 
+   /* Set the gid, then uid to become the user specified by "locuser" */
+   if (setegid ((gid_t) pwd->pw_gid) == -1)
+-  {
+-    rshd_error ("Cannot drop privileges (setegid() failed)\n");
+-    exit (EXIT_FAILURE);
+-  }
+    {
+      rshd_error ("Cannot drop privileges (setegid() failed)\n");
+      exit (EXIT_FAILURE);
+    }
+ 
+   if (setgid ((gid_t) pwd->pw_gid) == -1)
+-  {
+-    rshd_error ("Cannot drop privileges (setgid() failed)\n");
+-    exit (EXIT_FAILURE);
+-  }
+    {
+      rshd_error ("Cannot drop privileges (setgid() failed)\n");
+      exit (EXIT_FAILURE);
+    }
+ 
+ #ifdef HAVE_INITGROUPS
+   initgroups (pwd->pw_name, pwd->pw_gid);      /* BSD groups */
+@@ -1881,10 +1881,10 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
+ #endif /* WITH_PAM */
+ 
+   if (setuid ((uid_t) pwd->pw_uid) == -1)
+-  {
+-    rshd_error ("Cannot drop privileges (setuid() failed)\n");
+-    exit (EXIT_FAILURE);
+-  }
+    {
+      rshd_error ("Cannot drop privileges (setuid() failed)\n");
+      exit (EXIT_FAILURE);
+    }
+ 
+   /* We'll execute the client's command in the home directory
+    * of locuser. Note, that the chdir must be executed after
+diff --git a/src/uucpd.c b/src/uucpd.c
+index 29cfce35..fde7b9c9 100644
+--- a/src/uucpd.c
+++ b/src/uucpd.c
+@@ -254,10 +254,10 @@ doit (struct sockaddr *sap, socklen_t salen)
+   dologin (pw, sap, salen);
+ 
+   if (setgid (pw->pw_gid) == -1)
+-  {
+-    fprintf (stderr, "setgid() failed");
+-    return;
+-  }
+    {
+      fprintf (stderr, "setgid() failed");
+      return;
+    }
+ #ifdef HAVE_INITGROUPS
+   initgroups (pw->pw_name, pw->pw_gid);
+ #endif
+@@ -268,10 +268,10 @@ doit (struct sockaddr *sap, socklen_t salen)
+     }
+ 
+   if (setuid (pw->pw_uid) == -1)
+-  {
+-    fprintf (stderr, "setuid() failed");
+-    return;
+-  }
+    {
+      fprintf (stderr, "setuid() failed");
+      return;
+    }
+ 
+   execl (uucico_location, "uucico", NULL);
+   perror ("uucico server: execl");
diff --git a/meta/recipes-connectivity/inetutils/inetutils_2.4.bb b/meta/recipes-connectivity/inetutils/inetutils_2.4.bb
index bcc3a0258e..19fc3bfde6 100644
--- a/meta/recipes-connectivity/inetutils/inetutils_2.4.bb
+++ b/meta/recipes-connectivity/inetutils/inetutils_2.4.bb
@@ -22,6 +22,8 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \
           file://tftpd.xinetd.inetutils \
           file://inetutils-1.9-PATH_PROCNET_DEV.patch \
           file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \
+           file://0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch \
+           file://0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch \
 "
 inherit autotools gettext update-alternatives texinfo

diff --git a/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch b/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch new file mode 100644 index 0000000000..70bd98897d --- /dev/null +++ b/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch
@@ -0,0 +1,279 @@
		1	From 703418fe9d2e3b1e8d594df5788d8001a8116265 Mon Sep 17 00:00:00 2001
		2	From: Jeffrey Bencteux <jeffbencteux@gmail.com>
		3	Date: Fri, 30 Jun 2023 19:02:45 +0200
		4	Subject: [PATCH] CVE-2023-40303: ftpd,rcp,rlogin,rsh,rshd,uucpd: fix: check
		5	set*id() return values
		6
		7	Several setuid(), setgid(), seteuid() and setguid() return values
		8	were not checked in ftpd/rcp/rlogin/rsh/rshd/uucpd code potentially
		9	leading to potential security issues.
		10
		11	CVE: CVE-2023-40303
		12	Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6]
		13	Signed-off-by: Jeffrey Bencteux <jeffbencteux@gmail.com>
		14	Signed-off-by: Simon Josefsson <simon@josefsson.org>
		15	Signed-off-by: Khem Raj <raj.khem@gmail.com>
		16	---
		17	ftpd/ftpd.c \| 10 +++++++---
		18	src/rcp.c \| 39 +++++++++++++++++++++++++++++++++------
		19	src/rlogin.c \| 11 +++++++++--
		20	src/rsh.c \| 25 +++++++++++++++++++++----
		21	src/rshd.c \| 20 +++++++++++++++++---
		22	src/uucpd.c \| 15 +++++++++++++--
		23	6 files changed, 100 insertions(+), 20 deletions(-)
		24
		25	diff --git a/ftpd/ftpd.c b/ftpd/ftpd.c
		26	index 92b2cca5..28dd523f 100644
		27	--- a/ftpd/ftpd.c
		28	+++ b/ftpd/ftpd.c
		29	@@ -862,7 +862,9 @@ end_login (struct credentials *pcred)
		30	char *remotehost = pcred->remotehost;
		31	int atype = pcred->auth_type;
		32
		33	- seteuid ((uid_t) 0);
		34	+ if (seteuid ((uid_t) 0) == -1)
		35	+ _exit (EXIT_FAILURE);
		36	+
		37	if (pcred->logged_in)
		38	{
		39	logwtmp_keep_open (ttyline, "", "");
		40	@@ -1151,7 +1153,8 @@ getdatasock (const char *mode)
		41
		42	if (data >= 0)
		43	return fdopen (data, mode);
		44	- seteuid ((uid_t) 0);
		45	+ if (seteuid ((uid_t) 0) == -1)
		46	+ _exit (EXIT_FAILURE);
		47	s = socket (ctrl_addr.ss_family, SOCK_STREAM, 0);
		48	if (s < 0)
		49	goto bad;
		50	@@ -1978,7 +1981,8 @@ passive (int epsv, int af)
		51	else /* !AF_INET6 */
		52	((struct sockaddr_in *) &pasv_addr)->sin_port = 0;
		53
		54	- seteuid ((uid_t) 0);
		55	+ if (seteuid ((uid_t) 0) == -1)
		56	+ _exit (EXIT_FAILURE);
		57	if (bind (pdata, (struct sockaddr *) &pasv_addr, pasv_addrlen) < 0)
		58	{
		59	if (seteuid ((uid_t) cred.uid))
		60	diff --git a/src/rcp.c b/src/rcp.c
		61	index 75adb253..cdcf8500 100644
		62	--- a/src/rcp.c
		63	+++ b/src/rcp.c
		64	@@ -345,14 +345,23 @@ main (int argc, char *argv[])
		65	if (from_option)
		66	{ /* Follow "protocol", send data. */
		67	response ();
		68	- setuid (userid);
		69	+
		70	+ if (setuid (userid) == -1)
		71	+ {
		72	+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
		73	+ }
		74	+
		75	source (argc, argv);
		76	exit (errs);
		77	}
		78
		79	if (to_option)
		80	{ /* Receive data. */
		81	- setuid (userid);
		82	+ if (setuid (userid) == -1)
		83	+ {
		84	+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
		85	+ }
		86	+
		87	sink (argc, argv);
		88	exit (errs);
		89	}
		90	@@ -537,7 +546,11 @@ toremote (char targ, int argc, char argv[])
		91	if (response () < 0)
		92	exit (EXIT_FAILURE);
		93	free (bp);
		94	- setuid (userid);
		95	+
		96	+ if (setuid (userid) == -1)
		97	+ {
		98	+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
		99	+ }
		100	}
		101	source (1, argv + i);
		102	close (rem);
		103	@@ -630,7 +643,12 @@ tolocal (int argc, char *argv[])
		104	++errs;
		105	continue;
		106	}
		107	- seteuid (userid);
		108	+
		109	+ if (seteuid (userid) == -1)
		110	+ {
		111	+ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
		112	+ }
		113	+
		114	#if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
		115	sslen = sizeof (ss);
		116	(void) getpeername (rem, (struct sockaddr *) &ss, &sslen);
		117	@@ -643,7 +661,12 @@ tolocal (int argc, char *argv[])
		118	#endif
		119	vect[0] = target;
		120	sink (1, vect);
		121	- seteuid (effuid);
		122	+
		123	+ if (seteuid (effuid) == -1)
		124	+ {
		125	+ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
		126	+ }
		127	+
		128	close (rem);
		129	rem = -1;
		130	#ifdef SHISHI
		131	@@ -1441,7 +1464,11 @@ susystem (char *s, int userid)
		132	return (127);
		133
		134	case 0:
		135	- setuid (userid);
		136	+ if (setuid (userid) == -1)
		137	+ {
		138	+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
		139	+ }
		140	+
		141	execl (PATH_BSHELL, "sh", "-c", s, NULL);
		142	_exit (127);
		143	}
		144	diff --git a/src/rlogin.c b/src/rlogin.c
		145	index aa6426fb..c543de0c 100644
		146	--- a/src/rlogin.c
		147	+++ b/src/rlogin.c
		148	@@ -647,8 +647,15 @@ try_connect:
		149	/* Now change to the real user ID. We have to be set-user-ID root
		150	to get the privileged port that rcmd () uses. We now want, however,
		151	to run as the real user who invoked us. */
		152	- seteuid (uid);
		153	- setuid (uid);
		154	+ if (seteuid (uid) == -1)
		155	+ {
		156	+ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
		157	+ }
		158	+
		159	+ if (setuid (uid) == -1)
		160	+ {
		161	+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
		162	+ }
		163
		164	doit (&osmask); /* The old mask will activate SIGURG and SIGUSR1! */
		165
		166	diff --git a/src/rsh.c b/src/rsh.c
		167	index 2d622ca4..6f60667d 100644
		168	--- a/src/rsh.c
		169	+++ b/src/rsh.c
		170	@@ -276,8 +276,17 @@ main (int argc, char **argv)
		171	{
		172	if (asrsh)
		173	argv = (char ) "rlogin";
		174	- seteuid (getuid ());
		175	- setuid (getuid ());
		176	+
		177	+ if (seteuid (getuid ()) == -1)
		178	+ {
		179	+ error (EXIT_FAILURE, errno, "seteuid() failed");
		180	+ }
		181	+
		182	+ if (setuid (getuid ()) == -1)
		183	+ {
		184	+ error (EXIT_FAILURE, errno, "setuid() failed");
		185	+ }
		186	+
		187	execv (PATH_RLOGIN, argv);
		188	error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN);
		189	}
		190	@@ -541,8 +550,16 @@ try_connect:
		191	error (0, errno, "setsockopt DEBUG (ignored)");
		192	}
		193
		194	- seteuid (uid);
		195	- setuid (uid);
		196	+ if (seteuid (uid) == -1)
		197	+ {
		198	+ error (EXIT_FAILURE, errno, "seteuid() failed");
		199	+ }
		200	+
		201	+ if (setuid (uid) == -1)
		202	+ {
		203	+ error (EXIT_FAILURE, errno, "setuid() failed");
		204	+ }
		205	+
		206	#ifdef HAVE_SIGACTION
		207	sigemptyset (&sigs);
		208	sigaddset (&sigs, SIGINT);
		209	diff --git a/src/rshd.c b/src/rshd.c
		210	index d1c0d0cd..707790e7 100644
		211	--- a/src/rshd.c
		212	+++ b/src/rshd.c
		213	@@ -1847,8 +1847,18 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
		214	pwd->pw_shell = PATH_BSHELL;
		215
		216	/* Set the gid, then uid to become the user specified by "locuser" */
		217	- setegid ((gid_t) pwd->pw_gid);
		218	- setgid ((gid_t) pwd->pw_gid);
		219	+ if (setegid ((gid_t) pwd->pw_gid) == -1)
		220	+ {
		221	+ rshd_error ("Cannot drop privileges (setegid() failed)\n");
		222	+ exit (EXIT_FAILURE);
		223	+ }
		224	+
		225	+ if (setgid ((gid_t) pwd->pw_gid) == -1)
		226	+ {
		227	+ rshd_error ("Cannot drop privileges (setgid() failed)\n");
		228	+ exit (EXIT_FAILURE);
		229	+ }
		230	+
		231	#ifdef HAVE_INITGROUPS
		232	initgroups (pwd->pw_name, pwd->pw_gid); /* BSD groups */
		233	#endif
		234	@@ -1870,7 +1880,11 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
		235	}
		236	#endif /* WITH_PAM */
		237
		238	- setuid ((uid_t) pwd->pw_uid);
		239	+ if (setuid ((uid_t) pwd->pw_uid) == -1)
		240	+ {
		241	+ rshd_error ("Cannot drop privileges (setuid() failed)\n");
		242	+ exit (EXIT_FAILURE);
		243	+ }
		244
		245	/* We'll execute the client's command in the home directory
		246	* of locuser. Note, that the chdir must be executed after
		247	diff --git a/src/uucpd.c b/src/uucpd.c
		248	index 107589e1..29cfce35 100644
		249	--- a/src/uucpd.c
		250	+++ b/src/uucpd.c
		251	@@ -252,7 +252,12 @@ doit (struct sockaddr *sap, socklen_t salen)
		252	snprintf (Username, sizeof (Username), "USER=%s", user);
		253	snprintf (Logname, sizeof (Logname), "LOGNAME=%s", user);
		254	dologin (pw, sap, salen);
		255	- setgid (pw->pw_gid);
		256	+
		257	+ if (setgid (pw->pw_gid) == -1)
		258	+ {
		259	+ fprintf (stderr, "setgid() failed");
		260	+ return;
		261	+ }
		262	#ifdef HAVE_INITGROUPS
		263	initgroups (pw->pw_name, pw->pw_gid);
		264	#endif
		265	@@ -261,7 +266,13 @@ doit (struct sockaddr *sap, socklen_t salen)
		266	fprintf (stderr, "Login incorrect.");
		267	return;
		268	}
		269	- setuid (pw->pw_uid);
		270	+
		271	+ if (setuid (pw->pw_uid) == -1)
		272	+ {
		273	+ fprintf (stderr, "setuid() failed");
		274	+ return;
		275	+ }
		276	+
		277	execl (uucico_location, "uucico", NULL);
		278	perror ("uucico server: execl");
		279	}


diff --git a/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch b/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch new file mode 100644 index 0000000000..1b972aac29 --- /dev/null +++ b/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch
@@ -0,0 +1,253 @@
		1	From 70fe022f9dac760eaece0228cad17e3d29a57fb8 Mon Sep 17 00:00:00 2001
		2	From: Simon Josefsson <simon@josefsson.org>
		3	Date: Mon, 31 Jul 2023 13:59:05 +0200
		4	Subject: [PATCH] CVE-2023-40303: Indent changes in previous commit.
		5
		6	CVE: CVE-2023-40303
		7	Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=9122999252c7e21eb7774de11d539748e7bdf46d]
		8	Signed-off-by: Khem Raj <raj.khem@gmail.com>
		9	---
		10	src/rcp.c \| 42 ++++++++++++++++++++++++------------------
		11	src/rlogin.c \| 12 ++++++------
		12	src/rsh.c \| 24 ++++++++++++------------
		13	src/rshd.c \| 24 ++++++++++++------------
		14	src/uucpd.c \| 16 ++++++++--------
		15	5 files changed, 62 insertions(+), 56 deletions(-)
		16
		17	diff --git a/src/rcp.c b/src/rcp.c
		18	index cdcf8500..652f22e6 100644
		19	--- a/src/rcp.c
		20	+++ b/src/rcp.c
		21	@@ -347,9 +347,10 @@ main (int argc, char *argv[])
		22	response ();
		23
		24	if (setuid (userid) == -1)
		25	- {
		26	- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
		27	- }
		28	+ {
		29	+ error (EXIT_FAILURE, 0,
		30	+ "Could not drop privileges (setuid() failed)");
		31	+ }
		32
		33	source (argc, argv);
		34	exit (errs);
		35	@@ -358,9 +359,10 @@ main (int argc, char *argv[])
		36	if (to_option)
		37	{ /* Receive data. */
		38	if (setuid (userid) == -1)
		39	- {
		40	- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
		41	- }
		42	+ {
		43	+ error (EXIT_FAILURE, 0,
		44	+ "Could not drop privileges (setuid() failed)");
		45	+ }
		46
		47	sink (argc, argv);
		48	exit (errs);
		49	@@ -548,9 +550,10 @@ toremote (char targ, int argc, char argv[])
		50	free (bp);
		51
		52	if (setuid (userid) == -1)
		53	- {
		54	- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
		55	- }
		56	+ {
		57	+ error (EXIT_FAILURE, 0,
		58	+ "Could not drop privileges (setuid() failed)");
		59	+ }
		60	}
		61	source (1, argv + i);
		62	close (rem);
		63	@@ -645,9 +648,10 @@ tolocal (int argc, char *argv[])
		64	}
		65
		66	if (seteuid (userid) == -1)
		67	- {
		68	- error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
		69	- }
		70	+ {
		71	+ error (EXIT_FAILURE, 0,
		72	+ "Could not drop privileges (seteuid() failed)");
		73	+ }
		74
		75	#if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
		76	sslen = sizeof (ss);
		77	@@ -663,9 +667,10 @@ tolocal (int argc, char *argv[])
		78	sink (1, vect);
		79
		80	if (seteuid (effuid) == -1)
		81	- {
		82	- error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
		83	- }
		84	+ {
		85	+ error (EXIT_FAILURE, 0,
		86	+ "Could not drop privileges (seteuid() failed)");
		87	+ }
		88
		89	close (rem);
		90	rem = -1;
		91	@@ -1465,9 +1470,10 @@ susystem (char *s, int userid)
		92
		93	case 0:
		94	if (setuid (userid) == -1)
		95	- {
		96	- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
		97	- }
		98	+ {
		99	+ error (EXIT_FAILURE, 0,
		100	+ "Could not drop privileges (setuid() failed)");
		101	+ }
		102
		103	execl (PATH_BSHELL, "sh", "-c", s, NULL);
		104	_exit (127);
		105	diff --git a/src/rlogin.c b/src/rlogin.c
		106	index c543de0c..4360202f 100644
		107	--- a/src/rlogin.c
		108	+++ b/src/rlogin.c
		109	@@ -648,14 +648,14 @@ try_connect:
		110	to get the privileged port that rcmd () uses. We now want, however,
		111	to run as the real user who invoked us. */
		112	if (seteuid (uid) == -1)
		113	- {
		114	- error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
		115	- }
		116	+ {
		117	+ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
		118	+ }
		119
		120	if (setuid (uid) == -1)
		121	- {
		122	- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
		123	- }
		124	+ {
		125	+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
		126	+ }
		127
		128	doit (&osmask); /* The old mask will activate SIGURG and SIGUSR1! */
		129
		130	diff --git a/src/rsh.c b/src/rsh.c
		131	index 6f60667d..179b47cd 100644
		132	--- a/src/rsh.c
		133	+++ b/src/rsh.c
		134	@@ -278,14 +278,14 @@ main (int argc, char **argv)
		135	argv = (char ) "rlogin";
		136
		137	if (seteuid (getuid ()) == -1)
		138	- {
		139	- error (EXIT_FAILURE, errno, "seteuid() failed");
		140	- }
		141	+ {
		142	+ error (EXIT_FAILURE, errno, "seteuid() failed");
		143	+ }
		144
		145	if (setuid (getuid ()) == -1)
		146	- {
		147	- error (EXIT_FAILURE, errno, "setuid() failed");
		148	- }
		149	+ {
		150	+ error (EXIT_FAILURE, errno, "setuid() failed");
		151	+ }
		152
		153	execv (PATH_RLOGIN, argv);
		154	error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN);
		155	@@ -551,14 +551,14 @@ try_connect:
		156	}
		157
		158	if (seteuid (uid) == -1)
		159	- {
		160	- error (EXIT_FAILURE, errno, "seteuid() failed");
		161	- }
		162	+ {
		163	+ error (EXIT_FAILURE, errno, "seteuid() failed");
		164	+ }
		165
		166	if (setuid (uid) == -1)
		167	- {
		168	- error (EXIT_FAILURE, errno, "setuid() failed");
		169	- }
		170	+ {
		171	+ error (EXIT_FAILURE, errno, "setuid() failed");
		172	+ }
		173
		174	#ifdef HAVE_SIGACTION
		175	sigemptyset (&sigs);
		176	diff --git a/src/rshd.c b/src/rshd.c
		177	index 707790e7..3a153a18 100644
		178	--- a/src/rshd.c
		179	+++ b/src/rshd.c
		180	@@ -1848,16 +1848,16 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
		181
		182	/* Set the gid, then uid to become the user specified by "locuser" */
		183	if (setegid ((gid_t) pwd->pw_gid) == -1)
		184	- {
		185	- rshd_error ("Cannot drop privileges (setegid() failed)\n");
		186	- exit (EXIT_FAILURE);
		187	- }
		188	+ {
		189	+ rshd_error ("Cannot drop privileges (setegid() failed)\n");
		190	+ exit (EXIT_FAILURE);
		191	+ }
		192
		193	if (setgid ((gid_t) pwd->pw_gid) == -1)
		194	- {
		195	- rshd_error ("Cannot drop privileges (setgid() failed)\n");
		196	- exit (EXIT_FAILURE);
		197	- }
		198	+ {
		199	+ rshd_error ("Cannot drop privileges (setgid() failed)\n");
		200	+ exit (EXIT_FAILURE);
		201	+ }
		202
		203	#ifdef HAVE_INITGROUPS
		204	initgroups (pwd->pw_name, pwd->pw_gid); /* BSD groups */
		205	@@ -1881,10 +1881,10 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
		206	#endif /* WITH_PAM */
		207
		208	if (setuid ((uid_t) pwd->pw_uid) == -1)
		209	- {
		210	- rshd_error ("Cannot drop privileges (setuid() failed)\n");
		211	- exit (EXIT_FAILURE);
		212	- }
		213	+ {
		214	+ rshd_error ("Cannot drop privileges (setuid() failed)\n");
		215	+ exit (EXIT_FAILURE);
		216	+ }
		217
		218	/* We'll execute the client's command in the home directory
		219	* of locuser. Note, that the chdir must be executed after
		220	diff --git a/src/uucpd.c b/src/uucpd.c
		221	index 29cfce35..fde7b9c9 100644
		222	--- a/src/uucpd.c
		223	+++ b/src/uucpd.c
		224	@@ -254,10 +254,10 @@ doit (struct sockaddr *sap, socklen_t salen)
		225	dologin (pw, sap, salen);
		226
		227	if (setgid (pw->pw_gid) == -1)
		228	- {
		229	- fprintf (stderr, "setgid() failed");
		230	- return;
		231	- }
		232	+ {
		233	+ fprintf (stderr, "setgid() failed");
		234	+ return;
		235	+ }
		236	#ifdef HAVE_INITGROUPS
		237	initgroups (pw->pw_name, pw->pw_gid);
		238	#endif
		239	@@ -268,10 +268,10 @@ doit (struct sockaddr *sap, socklen_t salen)
		240	}
		241
		242	if (setuid (pw->pw_uid) == -1)
		243	- {
		244	- fprintf (stderr, "setuid() failed");
		245	- return;
		246	- }
		247	+ {
		248	+ fprintf (stderr, "setuid() failed");
		249	+ return;
		250	+ }
		251
		252	execl (uucico_location, "uucico", NULL);
		253	perror ("uucico server: execl");


diff --git a/meta/recipes-connectivity/inetutils/inetutils_2.4.bb b/meta/recipes-connectivity/inetutils/inetutils_2.4.bb index bcc3a0258e..19fc3bfde6 100644 --- a/meta/recipes-connectivity/inetutils/inetutils_2.4.bb +++ b/meta/recipes-connectivity/inetutils/inetutils_2.4.bb
@@ -22,6 +22,8 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \
22	file://tftpd.xinetd.inetutils \	22	file://tftpd.xinetd.inetutils \
23	file://inetutils-1.9-PATH_PROCNET_DEV.patch \	23	file://inetutils-1.9-PATH_PROCNET_DEV.patch \
24	file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \	24	file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \
		25	file://0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch \
		26	file://0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch \
25	"	27	"
26		28
27	inherit autotools gettext update-alternatives texinfo	29	inherit autotools gettext update-alternatives texinfo