From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 110437 invoked by alias); 2 Oct 2015 09:35:21 -0000 Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-owner@sourceware.org Received: (qmail 110371 invoked by uid 55); 2 Oct 2015 09:35:17 -0000 From: "cvs-commit at gcc dot gnu.org" To: glibc-bugs@sourceware.org Subject: [Bug libc/18724] Harden put*ent functions against data injection Date: Fri, 02 Oct 2015 09:35:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: libc X-Bugzilla-Version: 2.21 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: cvs-commit at gcc dot gnu.org X-Bugzilla-Status: ASSIGNED X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: fweimer at redhat dot com X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security- X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2015-10/txt/msg00035.txt.bz2 https://sourceware.org/bugzilla/show_bug.cgi?id=18724 --- Comment #1 from cvs-commit at gcc dot gnu.org --- This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, master has been updated via 676599b36a92f3c201c5682ee7a5caddd9f370a4 (commit) from b0f81637d5bda47be93bac34b68f429a12979321 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=676599b36a92f3c201c5682ee7a5caddd9f370a4 commit 676599b36a92f3c201c5682ee7a5caddd9f370a4 Author: Florian Weimer Date: Fri Oct 2 11:34:13 2015 +0200 Harden putpwent, putgrent, putspent, putspent against injection [BZ #18724] This prevents injection of ':' and '\n' into output functions which use the NSS files database syntax. Critical fields (user/group names and file system paths) are checked strictly. For backwards compatibility, the GECOS field is rewritten instead. The getent program is adjusted to use the put*ent functions in libc, instead of local copies. This changes the behavior of getent if user names start with '-' or '+'. ----------------------------------------------------------------------- Summary of changes: ChangeLog | 38 +++++++++++ NEWS | 10 ++-- grp/Makefile | 2 +- grp/putgrent.c | 15 ++-- grp/tst-putgrent.c | 167 +++++++++++++++++++++++++++++++++++++++++++++++ gshadow/Makefile | 2 +- gshadow/putsgent.c | 11 +++ gshadow/tst-putsgent.c | 168 ++++++++++++++++++++++++++++++++++++++++++++++++ include/nss.h | 13 ++++ include/pwd.h | 2 +- nss/Makefile | 8 ++- nss/getent.c | 76 ++------------------- nss/rewrite_field.c | 51 +++++++++++++++ nss/tst-field.c | 101 +++++++++++++++++++++++++++++ nss/valid_field.c | 31 +++++++++ nss/valid_list_field.c | 35 ++++++++++ pwd/Makefile | 2 +- pwd/putpwent.c | 52 +++++++++------ pwd/tst-putpwent.c | 168 ++++++++++++++++++++++++++++++++++++++++++++++++ shadow/Makefile | 2 +- shadow/putspent.c | 9 +++ shadow/tst-putspent.c | 164 ++++++++++++++++++++++++++++++++++++++++++++++ 22 files changed, 1018 insertions(+), 109 deletions(-) create mode 100644 grp/tst-putgrent.c create mode 100644 gshadow/tst-putsgent.c create mode 100644 nss/rewrite_field.c create mode 100644 nss/tst-field.c create mode 100644 nss/valid_field.c create mode 100644 nss/valid_list_field.c create mode 100644 pwd/tst-putpwent.c create mode 100644 shadow/tst-putspent.c -- You are receiving this mail because: You are on the CC list for the bug.