public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug network/18724] Harden put*ent functions against data injection
2015-07-27 12:26 [Bug network/18724] New: Harden put*ent functions against data injection fweimer at redhat dot com
@ 2015-07-27 12:26 ` fweimer at redhat dot com
2015-08-27 21:53 ` [Bug libc/18724] " jsm28 at gcc dot gnu.org
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: fweimer at redhat dot com @ 2015-07-27 12:26 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=18724
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug network/18724] New: Harden put*ent functions against data injection
@ 2015-07-27 12:26 fweimer at redhat dot com
2015-07-27 12:26 ` [Bug network/18724] " fweimer at redhat dot com
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: fweimer at redhat dot com @ 2015-07-27 12:26 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=18724
Bug ID: 18724
Summary: Harden put*ent functions against data injection
Product: glibc
Version: 2.21
Status: NEW
Severity: normal
Priority: P2
Component: network
Assignee: fweimer at redhat dot com
Reporter: fweimer at redhat dot com
Target Milestone: ---
Flags: security-
putpwent, putspent and similar functions should check the values they write for
newlines and ':' characters to avoid data injection.
This is just hardening, no known security impact. Known callers of putpwent
implement the checks themselves.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/18724] Harden put*ent functions against data injection
2015-07-27 12:26 [Bug network/18724] New: Harden put*ent functions against data injection fweimer at redhat dot com
2015-07-27 12:26 ` [Bug network/18724] " fweimer at redhat dot com
@ 2015-08-27 21:53 ` jsm28 at gcc dot gnu.org
2015-10-02 9:35 ` cvs-commit at gcc dot gnu.org
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: jsm28 at gcc dot gnu.org @ 2015-08-27 21:53 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=18724
Joseph Myers <jsm28 at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |drepper.fsp at gmail dot com
Component|network |libc
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/18724] Harden put*ent functions against data injection
2015-07-27 12:26 [Bug network/18724] New: Harden put*ent functions against data injection fweimer at redhat dot com
2015-07-27 12:26 ` [Bug network/18724] " fweimer at redhat dot com
2015-08-27 21:53 ` [Bug libc/18724] " jsm28 at gcc dot gnu.org
@ 2015-10-02 9:35 ` cvs-commit at gcc dot gnu.org
2015-10-02 9:36 ` fweimer at redhat dot com
2015-10-29 16:38 ` jsm28 at gcc dot gnu.org
4 siblings, 0 replies; 6+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2015-10-02 9:35 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=18724
--- Comment #1 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 676599b36a92f3c201c5682ee7a5caddd9f370a4 (commit)
from b0f81637d5bda47be93bac34b68f429a12979321 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=676599b36a92f3c201c5682ee7a5caddd9f370a4
commit 676599b36a92f3c201c5682ee7a5caddd9f370a4
Author: Florian Weimer <fweimer@redhat.com>
Date: Fri Oct 2 11:34:13 2015 +0200
Harden putpwent, putgrent, putspent, putspent against injection [BZ #18724]
This prevents injection of ':' and '\n' into output functions which
use the NSS files database syntax. Critical fields (user/group names
and file system paths) are checked strictly. For backwards
compatibility, the GECOS field is rewritten instead.
The getent program is adjusted to use the put*ent functions in libc,
instead of local copies. This changes the behavior of getent if user
names start with '-' or '+'.
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 38 +++++++++++
NEWS | 10 ++--
grp/Makefile | 2 +-
grp/putgrent.c | 15 ++--
grp/tst-putgrent.c | 167 +++++++++++++++++++++++++++++++++++++++++++++++
gshadow/Makefile | 2 +-
gshadow/putsgent.c | 11 +++
gshadow/tst-putsgent.c | 168 ++++++++++++++++++++++++++++++++++++++++++++++++
include/nss.h | 13 ++++
include/pwd.h | 2 +-
nss/Makefile | 8 ++-
nss/getent.c | 76 ++-------------------
nss/rewrite_field.c | 51 +++++++++++++++
nss/tst-field.c | 101 +++++++++++++++++++++++++++++
nss/valid_field.c | 31 +++++++++
nss/valid_list_field.c | 35 ++++++++++
pwd/Makefile | 2 +-
pwd/putpwent.c | 52 +++++++++------
pwd/tst-putpwent.c | 168 ++++++++++++++++++++++++++++++++++++++++++++++++
shadow/Makefile | 2 +-
shadow/putspent.c | 9 +++
shadow/tst-putspent.c | 164 ++++++++++++++++++++++++++++++++++++++++++++++
22 files changed, 1018 insertions(+), 109 deletions(-)
create mode 100644 grp/tst-putgrent.c
create mode 100644 gshadow/tst-putsgent.c
create mode 100644 nss/rewrite_field.c
create mode 100644 nss/tst-field.c
create mode 100644 nss/valid_field.c
create mode 100644 nss/valid_list_field.c
create mode 100644 pwd/tst-putpwent.c
create mode 100644 shadow/tst-putspent.c
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/18724] Harden put*ent functions against data injection
2015-07-27 12:26 [Bug network/18724] New: Harden put*ent functions against data injection fweimer at redhat dot com
` (2 preceding siblings ...)
2015-10-02 9:35 ` cvs-commit at gcc dot gnu.org
@ 2015-10-02 9:36 ` fweimer at redhat dot com
2015-10-29 16:38 ` jsm28 at gcc dot gnu.org
4 siblings, 0 replies; 6+ messages in thread
From: fweimer at redhat dot com @ 2015-10-02 9:36 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=18724
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
--- Comment #2 from Florian Weimer <fweimer at redhat dot com> ---
Fixed in 2.23.
(This bug was present for a very long time.)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/18724] Harden put*ent functions against data injection
2015-07-27 12:26 [Bug network/18724] New: Harden put*ent functions against data injection fweimer at redhat dot com
` (3 preceding siblings ...)
2015-10-02 9:36 ` fweimer at redhat dot com
@ 2015-10-29 16:38 ` jsm28 at gcc dot gnu.org
4 siblings, 0 replies; 6+ messages in thread
From: jsm28 at gcc dot gnu.org @ 2015-10-29 16:38 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=18724
Joseph Myers <jsm28 at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |2.23
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2015-10-29 16:38 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-07-27 12:26 [Bug network/18724] New: Harden put*ent functions against data injection fweimer at redhat dot com
2015-07-27 12:26 ` [Bug network/18724] " fweimer at redhat dot com
2015-08-27 21:53 ` [Bug libc/18724] " jsm28 at gcc dot gnu.org
2015-10-02 9:35 ` cvs-commit at gcc dot gnu.org
2015-10-02 9:36 ` fweimer at redhat dot com
2015-10-29 16:38 ` jsm28 at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).