aboutsummaryrefslogtreecommitdiff
path: root/shadow/tst-putspent.c
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2015-10-02 11:34:13 +0200
committerFlorian Weimer <fweimer@redhat.com>2015-10-02 11:34:13 +0200
commit676599b36a92f3c201c5682ee7a5caddd9f370a4 (patch)
tree6860752c26ccab76ee9db5e60ff465d1edf25feb /shadow/tst-putspent.c
parentb0f81637d5bda47be93bac34b68f429a12979321 (diff)
downloadglibc-676599b36a92f3c201c5682ee7a5caddd9f370a4.zip
glibc-676599b36a92f3c201c5682ee7a5caddd9f370a4.tar.gz
glibc-676599b36a92f3c201c5682ee7a5caddd9f370a4.tar.bz2
Harden putpwent, putgrent, putspent, putspent against injection [BZ #18724]
This prevents injection of ':' and '\n' into output functions which use the NSS files database syntax. Critical fields (user/group names and file system paths) are checked strictly. For backwards compatibility, the GECOS field is rewritten instead. The getent program is adjusted to use the put*ent functions in libc, instead of local copies. This changes the behavior of getent if user names start with '-' or '+'.
Diffstat (limited to 'shadow/tst-putspent.c')
-rw-r--r--shadow/tst-putspent.c164
1 files changed, 164 insertions, 0 deletions
diff --git a/shadow/tst-putspent.c b/shadow/tst-putspent.c
new file mode 100644
index 0000000..d00c022
--- /dev/null
+++ b/shadow/tst-putspent.c
@@ -0,0 +1,164 @@
+/* Test for processing of invalid shadow entries. [BZ #18724]
+ Copyright (C) 2015 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <errno.h>
+#include <shadow.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+static bool errors;
+
+static void
+check (struct spwd p, const char *expected)
+{
+ char *buf;
+ size_t buf_size;
+ FILE *f = open_memstream (&buf, &buf_size);
+
+ if (f == NULL)
+ {
+ printf ("open_memstream: %m\n");
+ errors = true;
+ return;
+ }
+
+ int ret = putspent (&p, f);
+
+ if (expected == NULL)
+ {
+ if (ret == -1)
+ {
+ if (errno != EINVAL)
+ {
+ printf ("putspent: unexpected error code: %m\n");
+ errors = true;
+ }
+ }
+ else
+ {
+ printf ("putspent: unexpected success (\"%s\")\n", p.sp_namp);
+ errors = true;
+ }
+ }
+ else
+ {
+ /* Expect success. */
+ size_t expected_length = strlen (expected);
+ if (ret == 0)
+ {
+ long written = ftell (f);
+
+ if (written <= 0 || fflush (f) < 0)
+ {
+ printf ("stream error: %m\n");
+ errors = true;
+ }
+ else if (buf[written - 1] != '\n')
+ {
+ printf ("FAILED: \"%s\" without newline\n", expected);
+ errors = true;
+ }
+ else if (strncmp (buf, expected, written - 1) != 0
+ || written - 1 != expected_length)
+ {
+ printf ("FAILED: \"%s\" (%ld), expected \"%s\" (%zu)\n",
+ buf, written - 1, expected, expected_length);
+ errors = true;
+ }
+ }
+ else
+ {
+ printf ("FAILED: putspent (expected \"%s\"): %m\n", expected);
+ errors = true;
+ }
+ }
+
+ fclose (f);
+ free (buf);
+}
+
+static int
+do_test (void)
+{
+ check ((struct spwd) {
+ .sp_namp = (char *) "root",
+ },
+ "root::0:0:0:0:0:0:0");
+ check ((struct spwd) {
+ .sp_namp = (char *) "root",
+ .sp_pwdp = (char *) "password",
+ },
+ "root:password:0:0:0:0:0:0:0");
+ check ((struct spwd) {
+ .sp_namp = (char *) "root",
+ .sp_pwdp = (char *) "password",
+ .sp_lstchg = -1,
+ .sp_min = -1,
+ .sp_max = -1,
+ .sp_warn = -1,
+ .sp_inact = -1,
+ .sp_expire = -1,
+ .sp_flag = -1
+ },
+ "root:password:::::::");
+ check ((struct spwd) {
+ .sp_namp = (char *) "root",
+ .sp_pwdp = (char *) "password",
+ .sp_lstchg = 1,
+ .sp_min = 2,
+ .sp_max = 3,
+ .sp_warn = 4,
+ .sp_inact = 5,
+ .sp_expire = 6,
+ .sp_flag = 7
+ },
+ "root:password:1:2:3:4:5:6:7");
+
+ /* Bad values. */
+ {
+ static const char *const bad_strings[] = {
+ ":",
+ "\n",
+ ":bad",
+ "\nbad",
+ "b:ad",
+ "b\nad",
+ "bad:",
+ "bad\n",
+ "b:a\nd",
+ NULL
+ };
+ for (const char *const *bad = bad_strings; *bad != NULL; ++bad)
+ {
+ check ((struct spwd) {
+ .sp_namp = (char *) *bad,
+ }, NULL);
+ check ((struct spwd) {
+ .sp_namp = (char *) "root",
+ .sp_pwdp = (char *) *bad,
+ }, NULL);
+ }
+ }
+
+ return errors;
+}
+
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"