emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

* NEWS, src/chfn.c, src/chsh.c: Fix CVE-2011-0721: forbid \n in

Browse Source 
gecos or shell.
This commit is contained in:
nekral-guest
2011-02-16 00:18:45 +00:00
parent 7de49dec7b
commit 0419fc4f5f
4 changed files with 18 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/chfn.c
View File

@@ -551,14 +551,14 @@ static void get_old_fields (const char *gecos)
static void check_fields (void)
{
int err;
err = valid_field (fullnm, ":,=");
err = valid_field (fullnm, ":,=\n");
if (err > 0) {
fprintf (stderr, _("%s: name with non-ASCII characters: '%s'\n"), Prog, fullnm);
} else if (err < 0) {
fprintf (stderr, _("%s: invalid name: '%s'\n"), Prog, fullnm);
fail_exit (E_NOPERM);
}
err = valid_field (roomno, ":,=");
err = valid_field (roomno, ":,=\n");
if (err > 0) {
fprintf (stderr, _("%s: room number with non-ASCII characters: '%s'\n"), Prog, roomno);
} else if (err < 0) {
@@ -566,17 +566,17 @@ static void check_fields (void)
Prog, roomno);
fail_exit (E_NOPERM);
}
if (valid_field (workph, ":,=") != 0) {
if (valid_field (workph, ":,=\n") != 0) {
fprintf (stderr, _("%s: invalid work phone: '%s'\n"),
Prog, workph);
fail_exit (E_NOPERM);
}
if (valid_field (homeph, ":,=") != 0) {
if (valid_field (homeph, ":,=\n") != 0) {
fprintf (stderr, _("%s: invalid home phone: '%s'\n"),
Prog, homeph);
fail_exit (E_NOPERM);
}
err = valid_field (slop, ":");
err = valid_field (slop, ":\n");
if (err > 0) {
fprintf (stderr, _("%s: '%s' contains non-ASCII characters\n"), Prog, slop);
} else if (err < 0) {