From 53b6c2ec17437ec1f6a6f0ec08684525c0dea2f0 Mon Sep 17 00:00:00 2001 From: Peter Vrabec Date: Wed, 24 Sep 2008 13:26:18 +0000 Subject: [PATCH] - groupmems: check username for valid character (#455603) - groupmems: don't segfault on nonexistent group (#456088) --- shadow-4.1.2-checkName.patch | 32 ++++++++++++++++++++++++++++++++ shadow-4.1.2-gmNoGroup.patch | 22 ++++++++++++++++++++++ shadow-utils.spec | 10 +++++++++- 3 files changed, 63 insertions(+), 1 deletion(-) create mode 100644 shadow-4.1.2-checkName.patch create mode 100644 shadow-4.1.2-gmNoGroup.patch diff --git a/shadow-4.1.2-checkName.patch b/shadow-4.1.2-checkName.patch new file mode 100644 index 0000000..321bdba --- /dev/null +++ b/shadow-4.1.2-checkName.patch @@ -0,0 +1,32 @@ +diff -up shadow-4.1.2/src/groupmems.c.checkName shadow-4.1.2/src/groupmems.c +--- shadow-4.1.2/src/groupmems.c.checkName 2008-09-24 11:17:02.000000000 +0200 ++++ shadow-4.1.2/src/groupmems.c 2008-09-24 14:03:01.000000000 +0200 +@@ -43,6 +43,7 @@ + #include + #include "defines.h" + #include "groupio.h" ++#include "chkname.h" + + /* Exit Status Values */ + +@@ -54,6 +55,7 @@ + #define EXIT_NOT_PRIMARY 5 /* not primary owner of group */ + #define EXIT_NOT_MEMBER 6 /* member of group does not exist */ + #define EXIT_MEMBER_EXISTS 7 /* member of group already exists */ ++#define E_BAD_ARG 8 /* invalid argument to option */ + + #define TRUE 1 + #define FALSE 0 +@@ -225,6 +227,12 @@ int main (int argc, char **argv) + usage (); + } + ++ /* check if user names is valid */ ++ if ( adduser && !check_user_name (adduser)) { ++ fprintf (stderr, _("%s is not a valid user name\n"), adduser); ++ exit (E_BAD_ARG); ++ } ++ + if (!isroot () && NULL != thisgroup) { + fputs (_("Only root can add members to different groups\n"), + stderr); diff --git a/shadow-4.1.2-gmNoGroup.patch b/shadow-4.1.2-gmNoGroup.patch new file mode 100644 index 0000000..67e14ea --- /dev/null +++ b/shadow-4.1.2-gmNoGroup.patch @@ -0,0 +1,22 @@ +diff -up shadow-4.1.2/src/groupmems.c.gmNoGroup shadow-4.1.2/src/groupmems.c +--- shadow-4.1.2/src/groupmems.c.gmNoGroup 2008-09-24 15:00:30.000000000 +0200 ++++ shadow-4.1.2/src/groupmems.c 2008-09-24 15:07:20.000000000 +0200 +@@ -56,6 +56,7 @@ + #define EXIT_NOT_MEMBER 6 /* member of group does not exist */ + #define EXIT_MEMBER_EXISTS 7 /* member of group already exists */ + #define E_BAD_ARG 8 /* invalid argument to option */ ++#define EXIT_NOT_GROUP 8 /* group does not exist */ + + #define TRUE 1 + #define FALSE 0 +@@ -293,6 +294,10 @@ int main (int argc, char **argv) + } + + grp = (struct group *) gr_locate (name); ++ if (NULL == grp) { ++ fputs (_("Specified group does not exist\n"), stderr); ++ exit (EXIT_NOT_GROUP); ++ } + + if (NULL != adduser) { + grp->gr_mem = addtogroup (adduser, grp->gr_mem); diff --git a/shadow-utils.spec b/shadow-utils.spec index a15ac42..9b9129c 100644 --- a/shadow-utils.spec +++ b/shadow-utils.spec @@ -5,7 +5,7 @@ Summary: Utilities for managing accounts and shadow password files Name: shadow-utils Version: 4.1.2 -Release: 7%{?dist} +Release: 8%{?dist} Epoch: 2 URL: http://pkg-shadow.alioth.debian.org/ Source0: ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-%{version}.tar.bz2 @@ -19,6 +19,8 @@ Patch3: shadow-4.1.2-sysAccountDownhill.patch Patch4: shadow-4.1.2-gmSEGV.patch Patch5: shadow-4.1.2-audit.patch Patch6: shadow-4.1.1-selinuxUserMappings.patch +Patch7: shadow-4.1.2-checkName.patch +Patch8: shadow-4.1.2-gmNoGroup.patch License: BSD Group: System Environment/Base @@ -50,6 +52,8 @@ are used for managing group accounts. %patch4 -p1 -b .gmSEGV %patch5 -p1 -b .audit %patch6 -p1 -b .selinuxUserMappings +%patch7 -p1 -b .checkName +%patch8 -p1 -b .gmNoGroup rm po/*.gmo @@ -190,6 +194,10 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/vigr.8* %changelog +* Wed Sep 24 2008 Peter Vrabec 2:4.1.2-8 +- groupmems: check username for valid character (#455603) +- groupmems: don't segfault on nonexistent group (#456088) + * Thu Sep 11 2008 Peter Vrabec 2:4.1.2-7 - fix usermod SELinux user mappings change (#458766)