forked from pool/shadow
de2ffbd8a7
Check for control characters - Add shadow-CVE-2023-29383.patch OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=147
52 lines
1.4 KiB
Diff
52 lines
1.4 KiB
Diff
Index: shadow-4.13/lib/fields.c
|
|
===================================================================
|
|
--- shadow-4.13.orig/lib/fields.c
|
|
+++ shadow-4.13/lib/fields.c
|
|
@@ -21,9 +21,9 @@
|
|
*
|
|
* The supplied field is scanned for non-printable and other illegal
|
|
* characters.
|
|
- * + -1 is returned if an illegal character is present.
|
|
- * + 1 is returned if no illegal characters are present, but the field
|
|
- * contains a non-printable character.
|
|
+ * + -1 is returned if an illegal or control character is present.
|
|
+ * + 1 is returned if no illegal or control characters are present,
|
|
+ * but the field contains a non-printable character.
|
|
* + 0 is returned otherwise.
|
|
*/
|
|
int valid_field (const char *field, const char *illegal)
|
|
@@ -37,23 +37,22 @@ int valid_field (const char *field, cons
|
|
|
|
/* For each character of field, search if it appears in the list
|
|
* of illegal characters. */
|
|
+ if (illegal && NULL != strpbrk (field, illegal)) {
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ /* Search if there are non-printable or control characters */
|
|
for (cp = field; '\0' != *cp; cp++) {
|
|
- if (strchr (illegal, *cp) != NULL) {
|
|
+ unsigned char c = *cp;
|
|
+ if (!isprint (c)) {
|
|
+ err = 1;
|
|
+ }
|
|
+ if (iscntrl (c)) {
|
|
err = -1;
|
|
break;
|
|
}
|
|
}
|
|
|
|
- if (0 == err) {
|
|
- /* Search if there are some non-printable characters */
|
|
- for (cp = field; '\0' != *cp; cp++) {
|
|
- if (!isprint (*cp)) {
|
|
- err = 1;
|
|
- break;
|
|
- }
|
|
- }
|
|
- }
|
|
-
|
|
return err;
|
|
}
|
|
|