Message ID | 20230504014730.31190-1-asharma@mvista.com
---|---
State | New, archived
Series | [kirkstone] shadow:Fix CVE-2023-29383 improper input validation
Hi Ashish,

We already have a fix for this CVE in kirkstone:

https://git.yoctoproject.org/poky/commit/?h=kirkstone&id=e8eab4241593cc93da7dd24ad7a188bbf1866413

Thanks!

Steve

On Wed, May 3, 2023 at 3:47 PM Ashish Sharma <asharma@mvista.com> wrote:
>
> ChangeID: 2bfa88cb752792ddc37f700f87a896331bb12c95
>
> CVE: CVE-2023-29383
> shadow: Improper input validation in shadow-utils package utility chfn
>
> Signed-off-by: Ashish Sharma <asharma@mvista.com>
> ---
> .../shadow/files/CVE-2023-29383.patch | 46 +++++++++++++++++++
> meta/recipes-extended/shadow/shadow.inc | 1 +
> 2 files changed, 47 insertions(+)
> create mode 100644 meta/recipes-extended/shadow/files/CVE-2023-29383.patch
>
> diff --git a/meta/recipes-extended/shadow/files/CVE-2023-29383.patch b/meta/recipes-extended/shadow/files/CVE-2023-29383.patch
> new file mode 100644
> index 00000000000..49e62d4e429
> --- /dev/null
> +++ b/meta/recipes-extended/shadow/files/CVE-2023-29383.patch
> @@ -0,0 +1,46 @@ > +From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 2001 > +From: tomspiderlabs <128755403+tomspiderlabs@users.noreply.github.com> > +Date: Thu, 23 Mar 2023 23:39:38 +0000 > +Subject: [PATCH] Added control character check > + > +Added control character check, returning -1 (to "err") if control characters are present. > +--- > +Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d] > +CVE: CVE-2023-29383 > +Signed-off-by: Ashish Sharma <asharma@mvista.com> > + > + lib/fields.c | 11 +++++++---- > + 1 file changed, 7 insertions(+), 4 deletions(-) > + > +diff --git a/lib/fields.c b/lib/fields.c > +index 640be931f..fb51b5829 100644 > +--- a/lib/fields.c > ++++ b/lib/fields.c > +@@ -21,9 +21,9 @@ > + * > + * The supplied field is scanned for non-printable and other illegal > + * characters. > +- * + -1 is returned if an illegal character is present. > +- * + 1 is returned if no illegal characters are present, but the field > +- * contains a non-printable character. > ++ * + -1 is returned if an illegal or control character is present. > ++ * + 1 is returned if no illegal or control characters are present, > ++ * but the field contains a non-printable character. > + * + 0 is returned otherwise. > + */ > + int valid_field (const char *field, const char *illegal) > +@@ -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal) > + } > + > + if (0 == err) { > +- /* Search if there are some non-printable characters */ > ++ /* Search if there are non-printable or control characters */ > + for (cp = field; '\0' != *cp; cp++) { > + if (!isprint (*cp)) { > + err = 1; > ++ } > ++ if (!iscntrl (*cp)) { > ++ err = -1; > + break; > + } > + } > diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc > index 5106b955719..72891d022fe 100644 > --- a/meta/recipes-extended/shadow/shadow.inc > +++ b/meta/recipes-extended/shadow/shadow.inc 
> @@ -16,6 +16,7 @@ SRC_URI = "https://github.com/shadow-maint/shadow/releases/download/v${PV}/${BP} > ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ > file://shadow-relaxed-usernames.patch \ > file://useradd \ > + file://CVE-2023-29383.patch \ > " > > SRC_URI:append:class-target = " \ > -- > 2.35.7 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#180843): https://lists.openembedded.org/g/openembedded-core/message/180843 > Mute This Topic: https://lists.openembedded.org/mt/98675950/3620601 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta/recipes-extended/shadow/files/CVE-2023-29383.patch b/meta/recipes-extended/shadow/files/CVE-2023-29383.patch new file mode 100644 index 00000000000..49e62d4e429 --- /dev/null +++ b/meta/recipes-extended/shadow/files/CVE-2023-29383.patch @@ -0,0 +1,46 @@ +From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 2001 +From: tomspiderlabs <128755403+tomspiderlabs@users.noreply.github.com> +Date: Thu, 23 Mar 2023 23:39:38 +0000 +Subject: [PATCH] Added control character check + +Added control character check, returning -1 (to "err") if control characters are present. +--- +Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d] +CVE: CVE-2023-29383 +Signed-off-by: Ashish Sharma <asharma@mvista.com> + + lib/fields.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/lib/fields.c b/lib/fields.c +index 640be931f..fb51b5829 100644 +--- a/lib/fields.c ++++ b/lib/fields.c +@@ -21,9 +21,9 @@ + * + * The supplied field is scanned for non-printable and other illegal + * characters. +- * + -1 is returned if an illegal character is present. +- * + 1 is returned if no illegal characters are present, but the field +- * contains a non-printable character. ++ * + -1 is returned if an illegal or control character is present. ++ * + 1 is returned if no illegal or control characters are present, ++ * but the field contains a non-printable character. + * + 0 is returned otherwise. + */ + int valid_field (const char *field, const char *illegal) +@@ -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal) + } + + if (0 == err) { +- /* Search if there are some non-printable characters */ ++ /* Search if there are non-printable or control characters */ + for (cp = field; '\0' != *cp; cp++) { + if (!isprint (*cp)) { + err = 1; ++ } ++ if (!iscntrl (*cp)) { ++ err = -1; + break; + } + } 
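Review bot: the control-character test added in the `@@ -45,10 +45,13 @@` hunk of lib/fields.c is inverted. `if (!iscntrl (*cp))` is true for every byte that is not a control character, so the first ordinary printable character in the field sets `err = -1` and breaks out of the loop, and valid_field() rejects practically every non-empty field (chfn would refuse normal input), while a field consisting only of control characters is never flagged with -1 at all (each byte only takes the `!isprint` branch and leaves err at 1). The test that matches the updated header comment in the first hunk and the commit message is `if (iscntrl (*cp)) { err = -1; break; }`. Dropping the `break` from the `!isprint` branch is fine once the condition is corrected: a non-printable, non-control byte sets err = 1 and scanning continues so that a later control character can still downgrade the result to -1.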
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index 5106b955719..72891d022fe 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc @@ -16,6 +16,7 @@ SRC_URI = "https://github.com/shadow-maint/shadow/releases/download/v${PV}/${BP} ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ file://shadow-relaxed-usernames.patch \ file://useradd \ + file://CVE-2023-29383.patch \ " SRC_URI:append:class-target = " \
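Review bot: before adding `file://CVE-2023-29383.patch` to SRC_URI in this hunk, check whether the kirkstone recipe already carries a fix for the same CVE: the reply above points at poky commit e8eab4241593cc93da7dd24ad7a188bbf1866413 on the kirkstone branch, and a second patch for the same change would either fail to apply in do_patch or re-apply the same edit to lib/fields.c. If that fix is already in place, this series is redundant for kirkstone and should be dropped rather than merged.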
ChangeID: 2bfa88cb752792ddc37f700f87a896331bb12c95

CVE: CVE-2023-29383
shadow: Improper input validation in shadow-utils package utility chfn

Signed-off-by: Ashish Sharma <asharma@mvista.com>
---
 .../shadow/files/CVE-2023-29383.patch | 46 +++++++++++++++++++
 meta/recipes-extended/shadow/shadow.inc | 1 +
 2 files changed, 47 insertions(+)
 create mode 100644 meta/recipes-extended/shadow/files/CVE-2023-29383.patch