[Bug network/18724] New: Harden put*ent functions against data injection

public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed

* [Bug network/18724] New: Harden put*ent functions against data injection
@ 2015-07-27 12:26 fweimer at redhat dot com
  2015-07-27 12:26 ` [Bug network/18724] " fweimer at redhat dot com
                   ` (4 more replies)
  0 siblings, 5 replies; 6+ messages in thread
From: fweimer at redhat dot com @ 2015-07-27 12:26 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=18724

            Bug ID: 18724
           Summary: Harden put*ent functions against data injection
           Product: glibc
           Version: 2.21
            Status: NEW
          Severity: normal
          Priority: P2
         Component: network
          Assignee: fweimer at redhat dot com
          Reporter: fweimer at redhat dot com
  Target Milestone: ---
             Flags: security-

putpwent, putspent and similar functions should check the values they write for
newlines and ':' characters to avoid data injection.

This is just hardening, no known security impact.  Known callers of putpwent
implement the checks themselves.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 6+ messages in thread

* [Bug network/18724] Harden put*ent functions against data injection
  2015-07-27 12:26 [Bug network/18724] New: Harden put*ent functions against data injection fweimer at redhat dot com
@ 2015-07-27 12:26 ` fweimer at redhat dot com
  2015-08-27 21:53 ` [Bug libc/18724] " jsm28 at gcc dot gnu.org
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: fweimer at redhat dot com @ 2015-07-27 12:26 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=18724

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

-- 
You are receiving this mail because:
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 6+ messages in thread

* [Bug libc/18724] Harden put*ent functions against data injection
  2015-07-27 12:26 [Bug network/18724] New: Harden put*ent functions against data injection fweimer at redhat dot com
  2015-07-27 12:26 ` [Bug network/18724] " fweimer at redhat dot com
@ 2015-08-27 21:53 ` jsm28 at gcc dot gnu.org
  2015-10-02  9:35 ` cvs-commit at gcc dot gnu.org
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: jsm28 at gcc dot gnu.org @ 2015-08-27 21:53 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=18724

Joseph Myers <jsm28 at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |drepper.fsp at gmail dot com
          Component|network                     |libc

-- 
You are receiving this mail because:
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 6+ messages in thread

* [Bug libc/18724] Harden put*ent functions against data injection
  2015-07-27 12:26 [Bug network/18724] New: Harden put*ent functions against data injection fweimer at redhat dot com
  2015-07-27 12:26 ` [Bug network/18724] " fweimer at redhat dot com
  2015-08-27 21:53 ` [Bug libc/18724] " jsm28 at gcc dot gnu.org
@ 2015-10-02  9:35 ` cvs-commit at gcc dot gnu.org
  2015-10-02  9:36 ` fweimer at redhat dot com
  2015-10-29 16:38 ` jsm28 at gcc dot gnu.org
  4 siblings, 0 replies; 6+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2015-10-02  9:35 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=18724

--- Comment #1 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  676599b36a92f3c201c5682ee7a5caddd9f370a4 (commit)
      from  b0f81637d5bda47be93bac34b68f429a12979321 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=676599b36a92f3c201c5682ee7a5caddd9f370a4

commit 676599b36a92f3c201c5682ee7a5caddd9f370a4
Author: Florian Weimer <fweimer@redhat.com>
Date:   Fri Oct 2 11:34:13 2015 +0200

    Harden putpwent, putgrent, putspent, putspent against injection [BZ #18724]

    This prevents injection of ':' and '\n' into output functions which
    use the NSS files database syntax.  Critical fields (user/group names
    and file system paths) are checked strictly.  For backwards
    compatibility, the GECOS field is rewritten instead.

    The getent program is adjusted to use the put*ent functions in libc,
    instead of local copies.  This changes the behavior of getent if user
    names start with '-' or '+'.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog              |   38 +++++++++++
 NEWS                   |   10 ++--
 grp/Makefile           |    2 +-
 grp/putgrent.c         |   15 ++--
 grp/tst-putgrent.c     |  167 +++++++++++++++++++++++++++++++++++++++++++++++
 gshadow/Makefile       |    2 +-
 gshadow/putsgent.c     |   11 +++
 gshadow/tst-putsgent.c |  168 ++++++++++++++++++++++++++++++++++++++++++++++++
 include/nss.h          |   13 ++++
 include/pwd.h          |    2 +-
 nss/Makefile           |    8 ++-
 nss/getent.c           |   76 ++-------------------
 nss/rewrite_field.c    |   51 +++++++++++++++
 nss/tst-field.c        |  101 +++++++++++++++++++++++++++++
 nss/valid_field.c      |   31 +++++++++
 nss/valid_list_field.c |   35 ++++++++++
 pwd/Makefile           |    2 +-
 pwd/putpwent.c         |   52 +++++++++------
 pwd/tst-putpwent.c     |  168 ++++++++++++++++++++++++++++++++++++++++++++++++
 shadow/Makefile        |    2 +-
 shadow/putspent.c      |    9 +++
 shadow/tst-putspent.c  |  164 ++++++++++++++++++++++++++++++++++++++++++++++
 22 files changed, 1018 insertions(+), 109 deletions(-)
 create mode 100644 grp/tst-putgrent.c
 create mode 100644 gshadow/tst-putsgent.c
 create mode 100644 nss/rewrite_field.c
 create mode 100644 nss/tst-field.c
 create mode 100644 nss/valid_field.c
 create mode 100644 nss/valid_list_field.c
 create mode 100644 pwd/tst-putpwent.c
 create mode 100644 shadow/tst-putspent.c

-- 
You are receiving this mail because:
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 6+ messages in thread

* [Bug libc/18724] Harden put*ent functions against data injection
  2015-07-27 12:26 [Bug network/18724] New: Harden put*ent functions against data injection fweimer at redhat dot com
                   ` (2 preceding siblings ...)
  2015-10-02  9:35 ` cvs-commit at gcc dot gnu.org
@ 2015-10-02  9:36 ` fweimer at redhat dot com
  2015-10-29 16:38 ` jsm28 at gcc dot gnu.org
  4 siblings, 0 replies; 6+ messages in thread
From: fweimer at redhat dot com @ 2015-10-02  9:36 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=18724

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #2 from Florian Weimer <fweimer at redhat dot com> ---
Fixed in 2.23.

(This bug was present for a very long time.)

-- 
You are receiving this mail because:
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 6+ messages in thread

* [Bug libc/18724] Harden put*ent functions against data injection
  2015-07-27 12:26 [Bug network/18724] New: Harden put*ent functions against data injection fweimer at redhat dot com
                   ` (3 preceding siblings ...)
  2015-10-02  9:36 ` fweimer at redhat dot com
@ 2015-10-29 16:38 ` jsm28 at gcc dot gnu.org
  4 siblings, 0 replies; 6+ messages in thread
From: jsm28 at gcc dot gnu.org @ 2015-10-29 16:38 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=18724

Joseph Myers <jsm28 at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |2.23

-- 
You are receiving this mail because:
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2015-10-29 16:38 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-07-27 12:26 [Bug network/18724] New: Harden put*ent functions against data injection fweimer at redhat dot com
2015-07-27 12:26 ` [Bug network/18724] " fweimer at redhat dot com
2015-08-27 21:53 ` [Bug libc/18724] " jsm28 at gcc dot gnu.org
2015-10-02  9:35 ` cvs-commit at gcc dot gnu.org
2015-10-02  9:36 ` fweimer at redhat dot com
2015-10-29 16:38 ` jsm28 at gcc dot gnu.org

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).