- groupmems: check username for valid character (#455603)

- groupmems: don't segfault on nonexistent group (#456088)
This commit is contained in:
Peter Vrabec 2008-09-24 13:26:18 +00:00
parent 60ae26e9e9
commit 53b6c2ec17
3 changed files with 63 additions and 1 deletions

View file

@ -0,0 +1,32 @@
diff -up shadow-4.1.2/src/groupmems.c.checkName shadow-4.1.2/src/groupmems.c
--- shadow-4.1.2/src/groupmems.c.checkName 2008-09-24 11:17:02.000000000 +0200
+++ shadow-4.1.2/src/groupmems.c 2008-09-24 14:03:01.000000000 +0200
@@ -43,6 +43,7 @@
#include <pwd.h>
#include "defines.h"
#include "groupio.h"
+#include "chkname.h"
/* Exit Status Values */
@@ -54,6 +55,7 @@
#define EXIT_NOT_PRIMARY 5 /* not primary owner of group */
#define EXIT_NOT_MEMBER 6 /* member of group does not exist */
#define EXIT_MEMBER_EXISTS 7 /* member of group already exists */
+#define E_BAD_ARG 8 /* invalid argument to option */
#define TRUE 1
#define FALSE 0
@@ -225,6 +227,12 @@ int main (int argc, char **argv)
usage ();
}
+ /* check if user names is valid */
+ if ( adduser && !check_user_name (adduser)) {
+ fprintf (stderr, _("%s is not a valid user name\n"), adduser);
+ exit (E_BAD_ARG);
+ }
+
if (!isroot () && NULL != thisgroup) {
fputs (_("Only root can add members to different groups\n"),
stderr);

View file

@ -0,0 +1,22 @@
diff -up shadow-4.1.2/src/groupmems.c.gmNoGroup shadow-4.1.2/src/groupmems.c
--- shadow-4.1.2/src/groupmems.c.gmNoGroup 2008-09-24 15:00:30.000000000 +0200
+++ shadow-4.1.2/src/groupmems.c 2008-09-24 15:07:20.000000000 +0200
@@ -56,6 +56,7 @@
#define EXIT_NOT_MEMBER 6 /* member of group does not exist */
#define EXIT_MEMBER_EXISTS 7 /* member of group already exists */
#define E_BAD_ARG 8 /* invalid argument to option */
+#define EXIT_NOT_GROUP 8 /* group does not exist */
#define TRUE 1
#define FALSE 0
@@ -293,6 +294,10 @@ int main (int argc, char **argv)
}
grp = (struct group *) gr_locate (name);
+ if (NULL == grp) {
+ fputs (_("Specified group does not exist\n"), stderr);
+ exit (EXIT_NOT_GROUP);
+ }
if (NULL != adduser) {
grp->gr_mem = addtogroup (adduser, grp->gr_mem);

View file

@ -5,7 +5,7 @@
Summary: Utilities for managing accounts and shadow password files
Name: shadow-utils
Version: 4.1.2
Release: 7%{?dist}
Release: 8%{?dist}
Epoch: 2
URL: http://pkg-shadow.alioth.debian.org/
Source0: ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-%{version}.tar.bz2
@ -19,6 +19,8 @@ Patch3: shadow-4.1.2-sysAccountDownhill.patch
Patch4: shadow-4.1.2-gmSEGV.patch
Patch5: shadow-4.1.2-audit.patch
Patch6: shadow-4.1.1-selinuxUserMappings.patch
Patch7: shadow-4.1.2-checkName.patch
Patch8: shadow-4.1.2-gmNoGroup.patch
License: BSD
Group: System Environment/Base
@ -50,6 +52,8 @@ are used for managing group accounts.
%patch4 -p1 -b .gmSEGV
%patch5 -p1 -b .audit
%patch6 -p1 -b .selinuxUserMappings
%patch7 -p1 -b .checkName
%patch8 -p1 -b .gmNoGroup
rm po/*.gmo
@ -190,6 +194,10 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/vigr.8*
%changelog
* Wed Sep 24 2008 Peter Vrabec <pvrabec@redhat.com> 2:4.1.2-8
- groupmems: check username for valid character (#455603)
- groupmems: don't segfault on nonexistent group (#456088)
* Thu Sep 11 2008 Peter Vrabec <pvrabec@redhat.com> 2:4.1.2-7
- fix usermod SELinux user mappings change (#458766)