SHA256
1
0
forked from pool/shadow
shadow/shadow-CVE-2023-29383.patch
Michael Vetter de2ffbd8a7 - bsc#1210507 (CVE-2023-29383):
Check for control characters
- Add shadow-CVE-2023-29383.patch

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=147
2023-04-18 16:15:03 +00:00

52 lines
1.4 KiB
Diff

Index: shadow-4.13/lib/fields.c
===================================================================
--- shadow-4.13.orig/lib/fields.c
+++ shadow-4.13/lib/fields.c
@@ -21,9 +21,9 @@
*
* The supplied field is scanned for non-printable and other illegal
* characters.
- * + -1 is returned if an illegal character is present.
- * + 1 is returned if no illegal characters are present, but the field
- * contains a non-printable character.
+ * + -1 is returned if an illegal or control character is present.
+ * + 1 is returned if no illegal or control characters are present,
+ * but the field contains a non-printable character.
* + 0 is returned otherwise.
*/
int valid_field (const char *field, const char *illegal)
@@ -37,23 +37,22 @@ int valid_field (const char *field, cons
/* For each character of field, search if it appears in the list
* of illegal characters. */
+ if (illegal && NULL != strpbrk (field, illegal)) {
+ return -1;
+ }
+
+ /* Search if there are non-printable or control characters */
for (cp = field; '\0' != *cp; cp++) {
- if (strchr (illegal, *cp) != NULL) {
+ unsigned char c = *cp;
+ if (!isprint (c)) {
+ err = 1;
+ }
+ if (iscntrl (c)) {
err = -1;
break;
}
}
- if (0 == err) {
- /* Search if there are some non-printable characters */
- for (cp = field; '\0' != *cp; cp++) {
- if (!isprint (*cp)) {
- err = 1;
- break;
- }
- }
- }
-
return err;
}