From 676599b36a92f3c201c5682ee7a5caddd9f370a4 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Fri, 2 Oct 2015 11:34:13 +0200
Subject: Harden putpwent, putgrent, putspent, putspent against injection [BZ
 #18724]

This prevents injection of ':' and '\n' into output functions which
use the NSS files database syntax.  Critical fields (user/group names
and file system paths) are checked strictly.  For backwards
compatibility, the GECOS field is rewritten instead.

The getent program is adjusted to use the put*ent functions in libc,
instead of local copies.  This changes the behavior of getent if user
names start with '-' or '+'.
---
 include/pwd.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'include/pwd.h')

diff --git a/include/pwd.h b/include/pwd.h
index bd7fecc..3b0f725 100644
--- a/include/pwd.h
+++ b/include/pwd.h
@@ -24,7 +24,7 @@ extern int __fgetpwent_r (FILE * __stream, struct passwd *__resultbuf,
 			  char *__buffer, size_t __buflen,
 			  struct passwd **__result);
 
-#include <nss/nss.h>
+#include <nss.h>
 
 struct parser_data;
 extern int _nss_files_parse_pwent (char *line, struct passwd *result,
-- 
cgit v1.1