diff --git a/shadow-4.1.2-uid.patch b/shadow-4.1.2-uid.patch new file mode 100644 index 0000000..96b04e3 --- /dev/null +++ b/shadow-4.1.2-uid.patch @@ -0,0 +1,532 @@ +diff -up /dev/null shadow-4.1.2/lib/get_gid.c +--- /dev/null 2009-03-16 11:03:38.574001227 +0100 ++++ shadow-4.1.2/lib/get_gid.c 2009-03-23 18:45:59.000000000 +0100 +@@ -0,0 +1,54 @@ ++/* ++ * Copyright (c) 2009 , Nicolas François ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the copyright holders or contributors may not be used to ++ * endorse or promote products derived from this software without ++ * specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A ++ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT ++ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT ++ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ++ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++#include ++ ++#ident "$Id$" ++ ++#include "prototypes.h" ++#include "defines.h" ++ ++int get_gid (const char *gidstr, gid_t *gid) ++{ ++ long long int val; ++ char *endptr; ++ ++ errno = 0; ++ val = strtoll (gidstr, &endptr, 10); ++ if ( ('\0' == gidstr) ++ || ('\0' != *endptr) ++ || (ERANGE == errno) ++ || (val != (gid_t)val)) { ++ return 0; ++ } ++ ++ *gid = (gid_t)val; ++ return 1; ++} ++ +diff -up /dev/null shadow-4.1.2/lib/get_uid.c +--- /dev/null 2009-03-16 11:03:38.574001227 +0100 ++++ shadow-4.1.2/lib/get_uid.c 2009-03-23 18:45:59.000000000 +0100 +@@ -0,0 +1,55 @@ ++/* ++ * Copyright (c) 2009 , Nicolas François ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the copyright holders or contributors may not be used to ++ * endorse or promote products derived from this software without ++ * specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A ++ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT ++ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT ++ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ++ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++#include ++ ++#ident "$Id$" ++ ++#include "prototypes.h" ++#include "defines.h" ++ ++int get_uid (const char *uidstr, uid_t *uid) ++{ ++ long long int val; ++ char *endptr; ++ ++ errno = 0; ++ val = strtoll (uidstr, &endptr, 10); ++ if ( ('\0' == uidstr) ++ || ('\0' != *endptr) ++ || (ERANGE == errno) ++ || (val != (uid_t)val)) { ++ return 0; ++ } ++ ++ *uid = (uid_t)val; ++ return 1; ++} ++ ++ +diff -up shadow-4.1.2/lib/Makefile.am.uid shadow-4.1.2/lib/Makefile.am +--- shadow-4.1.2/lib/Makefile.am.uid 2008-01-06 14:57:28.000000000 +0100 ++++ shadow-4.1.2/lib/Makefile.am 2009-03-23 18:45:59.000000000 +0100 +@@ -17,6 +17,8 @@ libshadow_la_SOURCES = \ + fputsx.c \ + getdef.c \ + getdef.h \ ++ get_gid.c \ ++ get_uid.c \ + groupio.c \ + groupmem.c \ + groupio.h \ +diff -up shadow-4.1.2/lib/prototypes.h.uid shadow-4.1.2/lib/prototypes.h +--- shadow-4.1.2/lib/prototypes.h.uid 2009-03-23 18:45:59.000000000 +0100 ++++ shadow-4.1.2/lib/prototypes.h 2009-03-23 18:45:59.000000000 +0100 +@@ -110,6 +110,12 @@ extern int find_new_gid (int sys_group, + /* getlong.c */ + extern int getlong(const char *numstr, long int *result); + ++/* get_gid.c */ ++extern int get_gid (const char *gidstr, gid_t *gid); ++ ++/* get_uid.c */ ++extern int get_uid (const char *uidstr, uid_t *uid); ++ + /* fputsx.c */ + extern char *fgetsx (char *, int, FILE *); + extern int fputsx (const char *, FILE *); +diff -up shadow-4.1.2/src/groupadd.c.uid shadow-4.1.2/src/groupadd.c +--- shadow-4.1.2/src/groupadd.c.uid 2009-03-23 18:45:59.000000000 +0100 ++++ shadow-4.1.2/src/groupadd.c 2009-03-23 18:45:59.000000000 +0100 +@@ -98,7 +98,6 @@ static void check_new_name (void); + static void close_files (void); + static void open_files (void); + static void fail_exit (int code); +-static gid_t get_gid (const char *gidstr); + static void process_flags (int argc, char **argv); + static void check_flags (void); + static void check_perms (void); +@@ -326,22 +325,6 @@ static void fail_exit (int code) + exit (code); + } + +-/* +- * get_id - validate and get group ID +- */ +-static gid_t get_gid (const char *gidstr) +-{ +- long val; +- char *errptr; +- +- val = strtol (gidstr, &errptr, 10); +- if (('\0' != *errptr) || (errno == ERANGE) || (val < 0)) { +- fprintf (stderr, _("%s: invalid numeric argument '%s'\n"), +- Prog, gidstr); +- exit (E_BAD_ARG); +- } +- return val; +-} + + /* + * process_flags - parse the command line options +@@ -383,7 +366,13 @@ static void process_flags (int argc, cha + break; + case 'g': + gflg++; +- group_id = get_gid (optarg); ++ if ( (get_gid (optarg, &group_id) == 0) ++ || (group_id == (gid_t)-1)) { ++ fprintf (stderr, ++ _("%s: invalid group ID '%s'\n"), ++ Prog, optarg); ++ exit (E_BAD_ARG); ++ } + break; + case 'h': + usage (); +diff -up shadow-4.1.2/src/groupmod.c.uid shadow-4.1.2/src/groupmod.c +--- shadow-4.1.2/src/groupmod.c.uid 2008-04-27 02:40:13.000000000 +0200 ++++ shadow-4.1.2/src/groupmod.c 2009-03-23 18:45:59.000000000 +0100 +@@ -100,7 +100,6 @@ static void check_new_name (void); + static void process_flags (int, char **); + static void close_files (void); + static void open_files (void); +-static gid_t get_gid (const char *gidstr); + static void update_primary_groups (gid_t ogid, gid_t ngid); + + /* +@@ -361,23 +360,6 @@ static void check_new_name (void) + } + + /* +- * get_id - validate and get group ID +- */ +-static gid_t get_gid (const char *gidstr) +-{ +- long val; +- char *errptr; +- +- val = strtol (gidstr, &errptr, 10); +- if (*errptr || errno == ERANGE || val < 0) { +- fprintf (stderr, _("%s: invalid numeric argument '%s'\n"), Prog, +- gidstr); +- fail_exit (E_BAD_ARG); +- } +- return val; +-} +- +-/* + * process_flags - perform command line argument setting + * + * process_flags() interprets the command line arguments and sets the +@@ -404,7 +386,13 @@ static void process_flags (int argc, cha + switch (c) { + case 'g': + gflg++; +- group_newid = get_gid (optarg); ++ if ( (get_gid (optarg, &group_newid) == 0) ++ || (group_newid == (gid_t)-1)) { ++ fprintf (stderr, ++ _("%s: invalid group ID '%s'\n"), ++ Prog, optarg); ++ exit (E_BAD_ARG); ++ } + #ifdef WITH_AUDIT + audit_logger (AUDIT_USER_CHAUTHTOK, + Prog, "modifying group", +diff -up shadow-4.1.2/src/newusers.c.uid shadow-4.1.2/src/newusers.c +--- shadow-4.1.2/src/newusers.c.uid 2008-04-27 02:40:13.000000000 +0200 ++++ shadow-4.1.2/src/newusers.c 2009-03-23 18:45:59.000000000 +0100 +@@ -90,7 +90,7 @@ static pam_handle_t *pamh = NULL; + static void usage (void); + static void fail_exit (int); + static int add_group (const char *, const char *, gid_t *, gid_t); +-static int get_uid (const char *, uid_t *); ++static int get_user_id (const char *, uid_t *); + static int add_user (const char *, uid_t, gid_t); + static void update_passwd (struct passwd *, const char *); + static int add_passwd (struct passwd *, const char *); +@@ -178,22 +178,26 @@ static int add_group (const char *name, + * The GID is a number, which means either this is a brand + * new group, or an existing group. + */ +- char *endptr; +- long int i = strtoul (gid, &endptr, 10); +- if ((*endptr != '\0') && (errno != ERANGE)) { ++ if (get_gid (gid, &grent.gr_gid) == 0) { + fprintf (stderr, +- _("%s: group ID `%s' is not valid\n"), ++ _("%s: invalid group ID '%s'\n"), + Prog, gid); + return -1; + } +- if ( (getgrgid (i) != NULL) +- || (gr_locate_gid (i) != NULL)) { ++ if ( (getgrgid ((gid_t) grent.gr_gid) != NULL) ++ || (gr_locate_gid ((gid_t) grent.gr_gid) != NULL)) { + /* The user will use this ID for her + * primary group */ +- *ngid = i; ++ *ngid = (gid_t) grent.gr_gid; + return 0; + } +- grent.gr_gid = i; ++ /* Do not create groups with GID == (gid_t)-1 */ ++ if (grent.gr_gid == (gid_t)-1) { ++ fprintf (stderr, ++ _("%s: invalid group ID '%s'\n"), ++ Prog, gid); ++ return -1; ++ } + } else { + /* The gid parameter can be "" or a name which is not + * already the name of an existing group. +@@ -267,7 +271,7 @@ static int add_group (const char *name, + return 0; + } + +-static int get_uid (const char *uid, uid_t *nuid) { ++static int get_user_id (const char *uid, uid_t *nuid) { + const struct passwd *pwd = NULL; + + /* +@@ -275,15 +279,11 @@ static int get_uid (const char *uid, uid + * caller provided, or the next available UID. + */ + if (isdigit (uid[0])) { +- char *endptr; +- long int i = strtoul (uid, &endptr, 10); +- if ((*endptr != '\0') && (errno != ERANGE)) { +- fprintf (stderr, +- _("%s: user ID `%s' is not valid\n"), ++ if ((get_uid (uid, nuid) == 0) || (*nuid == (uid_t)-1)) { ++ fprintf (stderr, _("%s: invalid user ID '%s'\n"), + Prog, uid); + return -1; + } +- *nuid = i; + } else { + if ('\0' != uid[0]) { + /* local, no need for xgetpwnam */ +@@ -740,7 +740,7 @@ int main (int argc, char **argv) + } + + if ( (NULL == pw) +- && (get_uid (fields[2], &uid) != 0)) { ++ && (get_user_id (fields[2], &uid) != 0)) { + fprintf (stderr, + _("%s: line %d: can't create user\n"), + Prog, line); +diff -up shadow-4.1.2/src/useradd.c.uid shadow-4.1.2/src/useradd.c +--- shadow-4.1.2/src/useradd.c.uid 2009-03-23 18:45:59.000000000 +0100 ++++ shadow-4.1.2/src/useradd.c 2009-03-23 18:45:59.000000000 +0100 +@@ -170,7 +170,6 @@ static int home_added; + static void fail_exit (int); + static struct group *getgr_nam_gid (const char *); + static long get_number (const char *); +-static uid_t get_uid (const char *); + static void get_defaults (void); + static void show_defaults (void); + static int set_defaults (void); +@@ -225,39 +224,30 @@ static void fail_exit (int code) + + static struct group *getgr_nam_gid (const char *grname) + { +- long gid; +- char *errptr; +- +- gid = strtol (grname, &errptr, 10); +- if (*grname != '\0' && *errptr == '\0' && errno != ERANGE && gid >= 0) ++ long long int gid; ++ char *endptr; ++ ++ errno = 0; ++ gid = strtoll (grname, &endptr, 10); ++ if ( ('\0' != *grname) ++ && ('\0' == *endptr) ++ && (ERANGE != errno) ++ && (gid == (gid_t)gid)) { + return xgetgrgid (gid); ++ } + return xgetgrnam (grname); + } + + static long get_number (const char *numstr) + { + long val; +- char *errptr; ++ char *endptr; + +- val = strtol (numstr, &errptr, 10); +- if (*errptr || errno == ERANGE) { +- fprintf (stderr, _("%s: invalid numeric argument '%s'\n"), Prog, +- numstr); +- exit (E_BAD_ARG); +- } +- return val; +-} +- +-static uid_t get_uid (const char *uidstr) +-{ +- long val; +- char *errptr; +- +- val = strtol (uidstr, &errptr, 10); +- if (*errptr || errno == ERANGE || val < 0) { +- fprintf (stderr, +- _("%s: invalid numeric argument '%s'\n"), Prog, +- uidstr); ++ errno = 0; ++ val = strtol (numstr, &endptr, 10); ++ if (('\0' == *numstr) || ('\0' != *endptr) || (ERANGE == errno)) { ++ fprintf (stderr, _("%s: invalid numeric argument '%s'\n"), ++ Prog, numstr); + exit (E_BAD_ARG); + } + return val; +@@ -302,26 +292,13 @@ static void get_defaults (void) + * Primary GROUP identifier + */ + if (MATCH (buf, DGROUP)) { +- unsigned int val = (unsigned int) strtoul (cp, &ep, 10); +- const struct group *grp; +- +- if (*cp != '\0' && *ep == '\0') { /* valid number */ +- def_group = val; +- /* local, no need for xgetgrgid */ +- if ((grp = getgrgid (def_group))) { +- def_gname = xstrdup (grp->gr_name); +- } else { +- fprintf (stderr, +- _("%s: unknown GID %s\n"), +- Prog, cp); +- } +- /* local, no need for xgetgrnam */ +- } else if ((grp = getgrnam (cp))) { +- def_group = grp->gr_gid; +- def_gname = xstrdup (cp); ++ const struct group *grp = getgr_nam_gid (cp); ++ if (NULL == grp) { ++ fprintf (stderr, _("%s: unknown GID %s\n"), ++ Prog, cp); + } else { +- fprintf (stderr, +- _("%s: unknown group %s\n"), Prog, cp); ++ def_group = grp->gr_gid; ++ def_gname = xstrdup (grp->gr_name); + } + } + +@@ -343,12 +320,17 @@ static void get_defaults (void) + * Default Password Inactive value + */ + else if (MATCH (buf, INACT)) { ++ errno = 0; + long val = strtol (cp, &ep, 10); + +- if (*cp || errno == ERANGE) ++ if ( ('\0' != *cp) ++ && ('\0' == *ep) ++ && (ERANGE != errno) ++ && (val >= 0)) { + def_inactive = val; +- else ++ } else { + def_inactive = -1; ++ } + } + + /* +@@ -1080,7 +1062,13 @@ static void process_flags (int argc, cha + sflg++; + break; + case 'u': +- user_id = get_uid (optarg); ++ if ( (get_uid (optarg, &user_id) == 0) ++ || (user_id == (gid_t)-1)) { ++ fprintf (stderr, ++ _("%s: invalid user ID '%s'\n"), ++ Prog, optarg); ++ exit (E_BAD_ARG); ++ } + uflg++; + break; + case 'U': +diff -up shadow-4.1.2/src/usermod.c.uid shadow-4.1.2/src/usermod.c +--- shadow-4.1.2/src/usermod.c.uid 2009-03-23 18:45:59.000000000 +0100 ++++ shadow-4.1.2/src/usermod.c 2009-03-23 18:48:36.000000000 +0100 +@@ -155,7 +155,6 @@ static void update_gshadow (void); + static void grp_update (void); + + static long get_number (const char *); +-static uid_t get_id (const char *); + static void process_flags (int, char **); + static void close_files (void); + static void open_files (void); +@@ -193,12 +192,17 @@ static void date_to_str (char *buf, size + */ + static struct group *getgr_nam_gid (const char *grname) + { +- long val; +- char *errptr; +- +- val = strtol (grname, &errptr, 10); +- if (*grname != '\0' && *errptr == '\0' && errno != ERANGE && val >= 0) ++ long long int val; ++ char *endptr; ++ ++ errno = 0; ++ val = strtoll (grname, &endptr, 10); ++ if ( ('\0' != *grname) ++ && ('\0' == *endptr) ++ && (ERANGE != errno) ++ && (val == (gid_t)val)) { + return xgetgrgid (val); ++ } + return xgetgrnam (grname); + } + +@@ -752,20 +756,6 @@ static long get_number (const char *nums + return val; + } + +-static uid_t get_id (const char *uidstr) +-{ +- long val; +- char *errptr; +- +- val = strtol (uidstr, &errptr, 10); +- if (*errptr || errno == ERANGE || val < 0) { +- fprintf (stderr, _("%s: invalid numeric argument '%s'\n"), Prog, +- uidstr); +- exit (E_BAD_ARG); +- } +- return val; +-} +- + /* + * process_flags - perform command line argument setting + * +@@ -963,7 +953,13 @@ static void process_flags (int argc, cha + sflg++; + break; + case 'u': +- user_newid = get_id (optarg); ++ if ( (get_uid (optarg, &user_newid) ==0) ++ || (user_newid == (uid_t)-1)) { ++ fprintf (stderr, ++ _("%s: invalid user ID '%s'\n"), ++ Prog, optarg); ++ exit (E_BAD_ARG); ++ } + uflg++; + break; + case 'U': diff --git a/shadow-utils.spec b/shadow-utils.spec index f2bed82..cc3fa54 100644 --- a/shadow-utils.spec +++ b/shadow-utils.spec @@ -5,7 +5,7 @@ Summary: Utilities for managing accounts and shadow password files Name: shadow-utils Version: 4.1.2 -Release: 12%{?dist} +Release: 13%{?dist} Epoch: 2 URL: http://pkg-shadow.alioth.debian.org/ Source0: ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-%{version}.tar.bz2 @@ -21,6 +21,7 @@ Patch5: shadow-4.1.2-audit.patch Patch6: shadow-4.1.1-selinuxUserMappings.patch Patch7: shadow-4.1.2-checkName.patch Patch8: shadow-4.1.2-gmNoGroup.patch +Patch9: shadow-4.1.2-uid.patch License: BSD and GPLv2+ Group: System Environment/Base @@ -55,6 +56,7 @@ are used for managing group accounts. %patch6 -p1 -b .selinuxUserMappings %patch7 -p1 -b .checkName %patch8 -p1 -b .gmNoGroup +%patch9 -p1 -b .uid iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 cp -f doc/HOWTO.utf8 doc/HOWTO @@ -197,6 +199,9 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/vigr.8* %changelog +* Tue Mar 24 2009 Peter Vrabec 2:4.1.2-13 +- do not allow UID/GID = 4294967295 (#484040,#133664) + * Wed Feb 25 2009 Fedora Release Engineering - 2:4.1.2-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild