diff options
| author | Parabola <dev@list.parabolagnulinux.org> | 2012-02-17 19:21:14 +0000 |
|---|---|---|
| committer | Parabola <dev@list.parabolagnulinux.org> | 2012-02-17 19:21:14 +0000 |
| commit | 68998b64e2d81f7e77184b7f23ee141da1d0e2ff (patch) | |
| tree | dfa6ff47ee59435fe22c16f65d2fc641d78a6417 /core/shadow | |
| parent | 4fc59478d1180fd7984003f5b1645fe40954299f (diff) | |
Fri Feb 17 19:21:14 UTC 2012
Diffstat (limited to 'core/shadow')
| -rw-r--r-- | core/shadow/shadow_CVE-2011-0721.patch | 57 |
1 files changed, 0 insertions, 57 deletions
diff --git a/core/shadow/shadow_CVE-2011-0721.patch b/core/shadow/shadow_CVE-2011-0721.patch deleted file mode 100644 index eb9ad80a2..000000000 --- a/core/shadow/shadow_CVE-2011-0721.patch +++ /dev/null @@ -1,57 +0,0 @@ -Goal: Input sanitization for chfn and chsh - -Fixes: CVE-2011-0721 - -Status wrt upstream: Already applied upstream (4.1.4.3) - ---- a/src/chfn.c -+++ b/src/chfn.c -@@ -551,14 +551,14 @@ - static void check_fields (void) - { - int err; -- err = valid_field (fullnm, ":,="); -+ err = valid_field (fullnm, ":,=\n"); - if (err > 0) { - fprintf (stderr, _("%s: name with non-ASCII characters: '%s'\n"), Prog, fullnm); - } else if (err < 0) { - fprintf (stderr, _("%s: invalid name: '%s'\n"), Prog, fullnm); - fail_exit (E_NOPERM); - } -- err = valid_field (roomno, ":,="); -+ err = valid_field (roomno, ":,=\n"); - if (err > 0) { - fprintf (stderr, _("%s: room number with non-ASCII characters: '%s'\n"), Prog, roomno); - } else if (err < 0) { -@@ -566,17 +566,17 @@ - Prog, roomno); - fail_exit (E_NOPERM); - } -- if (valid_field (workph, ":,=") != 0) { -+ if (valid_field (workph, ":,=\n") != 0) { - fprintf (stderr, _("%s: invalid work phone: '%s'\n"), - Prog, workph); - fail_exit (E_NOPERM); - } -- if (valid_field (homeph, ":,=") != 0) { -+ if (valid_field (homeph, ":,=\n") != 0) { - fprintf (stderr, _("%s: invalid home phone: '%s'\n"), - Prog, homeph); - fail_exit (E_NOPERM); - } -- err = valid_field (slop, ":"); -+ err = valid_field (slop, ":\n"); - if (err > 0) { - fprintf (stderr, _("%s: '%s' contains non-ASCII characters\n"), Prog, slop); - } else if (err < 0) { ---- a/src/chsh. -+++ b/src/chsh.c -@@ -528,7 +528,7 @@ - * users are restricted to using the shells in /etc/shells. - * The shell must be executable by the user. - */ -- if (valid_field (loginsh, ":,=") != 0) { -+ if (valid_field (loginsh, ":,=\n") != 0) { - fprintf (stderr, _("%s: Invalid entry: %s\n"), Prog, loginsh); - fail_exit (1); - } |