* NEWS, src/chfn.c, src/chsh.c: Fix CVE-2011-0721: forbid \n in

	gecos or shell.

diff --git a/ChangeLog b/ChangeLog
index 6d900b90b0af4ef00abbb3b84810c2eded17876f..2b56263223119cd7ace154e366bf18e487971c36 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2010-02-13  Nicolas François  <nicolas.francois@centraliens.net>
+
+       * NEWS, src/chfn.c, src/chsh.c: Fix CVE-2011-0721: forbid \n in
+       gecos or shell.
+
 2011-02-12  Nicolas François  <nicolas.francois@centraliens.net>
 
        * autogen.sh: Restore original autoreconf (see 2010-08-29's change

diff --git a/NEWS b/NEWS
index 72a350c83c840a933421c9dd0bad5ad8e9d55be7..8be05e901cb349ab895bda00aa844256f03807f9 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,6 @@
 $Id$
 
-shadow-4.1.4.2 -> shadow-4.1.5                                 UNRELEASED
+shadow-4.1.4.3 -> shadow-4.1.5                                 UNRELEASED
 
 - general
   * report usage error to stderr, but report usage help to stdout (and return
@@ -48,6 +48,12 @@ shadow-4.1.4.2 -> shadow-4.1.5                                       UNRELEASED
   * Updated Vietnamese translation.
   * Updated Kazakh translation.
 
+shadow-4.1.4.2 -> shadow-4.1.4.3                                               2011-02-15
+
+*** security:
+- CVE-2011-0721: An insufficient input sanitation in chfn can be exploited
+  to create users or groups in a NIS environment.
+
 shadow-4.1.4.1 -> shadow-4.1.4.2                                       2009-07-24
 
 - general

diff --git a/src/chfn.c b/src/chfn.c
index 8857c8f128faaf6ed52e7d53fc89dff4451f69a8..0aa6658351f17e9b2258a573c231f0eb2db14eaf 100644 (file)
--- a/src/chfn.c
+++ b/src/chfn.c
@@ -551,14 +551,14 @@ static void get_old_fields (const char *gecos)
 static void check_fields (void)
 {
        int err;
-       err = valid_field (fullnm, ":,=");
+       err = valid_field (fullnm, ":,=\n");
        if (err > 0) {
                fprintf (stderr, _("%s: name with non-ASCII characters: '%s'\n"), Prog, fullnm);
        } else if (err < 0) {
                fprintf (stderr, _("%s: invalid name: '%s'\n"), Prog, fullnm);
                fail_exit (E_NOPERM);
        }
-       err = valid_field (roomno, ":,=");
+       err = valid_field (roomno, ":,=\n");
        if (err > 0) {
                fprintf (stderr, _("%s: room number with non-ASCII characters: '%s'\n"), Prog, roomno);
        } else if (err < 0) {
@@ -566,17 +566,17 @@ static void check_fields (void)
                         Prog, roomno);
                fail_exit (E_NOPERM);
        }
-       if (valid_field (workph, ":,=") != 0) {
+       if (valid_field (workph, ":,=\n") != 0) {
                fprintf (stderr, _("%s: invalid work phone: '%s'\n"),
                         Prog, workph);
                fail_exit (E_NOPERM);
        }
-       if (valid_field (homeph, ":,=") != 0) {
+       if (valid_field (homeph, ":,=\n") != 0) {
                fprintf (stderr, _("%s: invalid home phone: '%s'\n"),
                         Prog, homeph);
                fail_exit (E_NOPERM);
        }
-       err = valid_field (slop, ":");
+       err = valid_field (slop, ":\n");
        if (err > 0) {
                fprintf (stderr, _("%s: '%s' contains non-ASCII characters\n"), Prog, slop);
        } else if (err < 0) {

diff --git a/src/chsh.c b/src/chsh.c
index d93a80915ee07fb1754bee17230355f9940e9f6f..553fe5c3b85cc2e781c33c1ad52febbe6856a45e 100644 (file)
--- a/src/chsh.c
+++ b/src/chsh.c
@@ -528,7 +528,7 @@ int main (int argc, char **argv)
         * users are restricted to using the shells in /etc/shells.
         * The shell must be executable by the user.
         */
-       if (valid_field (loginsh, ":,=") != 0) {
+       if (valid_field (loginsh, ":,=\n") != 0) {
                fprintf (stderr, _("%s: Invalid entry: %s\n"), Prog, loginsh);
                fail_exit (1);
        }