packages/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update to 4.14.3

Browse Source
This commit is contained in:
zhengxiaoxiao 2024-02-01 22:51:29 +08:00
parent 1dd69f13d7
commit 0d384a248f
19 changed files with 114 additions and 921 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
backport-Added-control-character-check.patch
View File

@ -1,45 +0,0 @@
From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 2001
From: tomspiderlabs <128755403+tomspiderlabs@users.noreply.github.com>
Date: Thu, 23 Mar 2023 23:39:38 +0000
Subject: [PATCH] Added control character check
Added control character check, returning -1 (to "err") if control characters are present.
---
lib/fields.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/lib/fields.c b/lib/fields.c
index 640be931..fb51b582 100644
--- a/lib/fields.c
+++ b/lib/fields.c
@@ -21,9 +21,9 @@
*
* The supplied field is scanned for non-printable and other illegal
* characters.
- * + -1 is returned if an illegal character is present.
- * + 1 is returned if no illegal characters are present, but the field
- * contains a non-printable character.
+ * + -1 is returned if an illegal or control character is present.
+ * + 1 is returned if no illegal or control characters are present,
+ * but the field contains a non-printable character.
* + 0 is returned otherwise.
*/
int valid_field (const char *field, const char *illegal)
@@ -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal)
}
if (0 == err) {
- /* Search if there are some non-printable characters */
+ /* Search if there are non-printable or control characters */
for (cp = field; '\0' != *cp; cp++) {
if (!isprint (*cp)) {
err = 1;
+ }
+ if (!iscntrl (*cp)) {
+ err = -1;
break;
}
}
--
2.27.0

55
backport-Correctly-handle-illegal-system-file-in-tz.patch
View File

@ -1,55 +0,0 @@
From 37ae2320809cb16afa9dacd8e5ea317ae216ee36 Mon Sep 17 00:00:00 2001
From: Samanta Navarro <ferivoz@riseup.net>
Date: Fri, 27 Jan 2023 11:57:51 +0000
Subject: [PATCH] Correctly handle illegal system file in tz
If the file referenced by ENV_TZ has a zero length string, then an out
of boundary write occurs. Also the result can be wrong because it is
assumed that the file will always end with a newline.
Only override a newline character with '\0' to avoid these cases.
This cannot be considered to be security relevant because login.defs
and its contained references to system files should be trusted to begin
with.
Proof of Concept:
1. Compile shadow's su with address sanitizer and --without-libpam
2. Setup your /etc/login.defs to contain ENV_TZ=/etc/tzname
3. Prepare /etc/tzname to contain a '\0' byte at the beginning
`python -c "print('\x00')" > /etc/tzname`
4. Use su
`su -l`
You can see the following output:
`tz.c:45:8: runtime error: index 18446744073709551615 out of bounds for type 'char [8192]'`
Signed-off-by: Samanta Navarro <ferivoz@riseup.net>
---
libmisc/tz.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libmisc/tz.c b/libmisc/tz.c
index f3f5733e..9f3a41f2 100644
--- a/libmisc/tz.c
+++ b/libmisc/tz.c
@@ -42,7 +42,8 @@
strcpy (tzbuf, def_tz);
} else {
- tzbuf[strlen (tzbuf) - 1] = '\0';
+ /* Remove optional trailing '\n'. */
+ tzbuf[strcspn (tzbuf, "\n")] = '\0';
}
if (NULL != fp) {
--
2.27.0

55
backport-Explicitly-override-only-newlines.patch
View File

@ -1,55 +0,0 @@
From ffc480c2e93f05266e4b130229877ad13f71a8c0 Mon Sep 17 00:00:00 2001
From: Samanta Navarro <ferivoz@riseup.net>
Date: Mon, 30 Jan 2023 11:53:47 +0000
Subject: [PATCH] Explicitly override only newlines
Override only newlines with '\0' to avoid undesired truncation of
actual line content.
Signed-off-by: Samanta Navarro <ferivoz@riseup.net>
---
lib/port.c | 6 +++---
libmisc/console.c | 3 ++-
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/lib/port.c b/lib/port.c
index 0bea2ef4..90eb1498 100644
--- a/lib/port.c
+++ b/lib/port.c
@@ -130,8 +130,8 @@ static struct port *getportent (void)
again:
/*
- * Get the next line and remove the last character, which
- * is a '\n'. Lines which begin with '#' are all ignored.
+ * Get the next line and remove optional trailing '\n'.
+ * Lines which begin with '#' are all ignored.
*/
if (fgets (buf, (int) sizeof buf, ports) == 0) {
@@ -149,7 +149,7 @@ static struct port *getportent (void)
* TTY devices.
*/
- buf[strlen (buf) - 1] = 0;
+ buf[strcspn (buf, "\n")] = 0;
port.pt_names = ttys;
for (cp = buf, j = 0; j < PORT_TTY; j++) {
diff --git a/libmisc/console.c b/libmisc/console.c
index bc024eba..63d3ceb3 100644
--- a/libmisc/console.c
+++ b/libmisc/console.c
@@ -71,7 +71,8 @@ static bool is_listed (const char *cfgin, const char *tty, bool def)
*/
while (fgets (buf, (int) sizeof (buf), fp) != NULL) {
- buf[strlen (buf) - 1] = '\0';
+ /* Remove optional trailing '\n'. */
+ buf[strcspn (buf, "\n")] = '\0';
if (strcmp (buf, tty) == 0) {
(void) fclose (fp);
return true;
--
2.27.0

74
backport-Fix-off-by-one-mistakes.patch
View File

@ -1,74 +0,0 @@
From 587ce83e3ff4bea64ac028149ac9b66df37f688c Mon Sep 17 00:00:00 2001
From: Alejandro Colomar <alx@kernel.org>
Date: Fri, 16 Dec 2022 00:52:27 +0100
Subject: [PATCH] Fix off-by-one mistakes
The buffers have a size of 512 (see xmalloc() above), which is what
snprintf(3) expects.
Link: <https://github.com/shadow-maint/shadow/pull/607>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
---
src/groupmod.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/groupmod.c b/src/groupmod.c
index 006eca1c..828c7c0b 100644
--- a/src/groupmod.c
+++ b/src/groupmod.c
@@ -554,13 +554,13 @@ static void prepare_failure_reports (void)
#endif
info_passwd.audit_msg = xmalloc (512);
- (void) snprintf (info_group.audit_msg, 511,
+ (void) snprintf (info_group.audit_msg, 512,
"changing %s; ", gr_dbname ());
#ifdef SHADOWGRP
- (void) snprintf (info_gshadow.audit_msg, 511,
+ (void) snprintf (info_gshadow.audit_msg, 512,
"changing %s; ", sgr_dbname ());
#endif
- (void) snprintf (info_passwd.audit_msg, 511,
+ (void) snprintf (info_passwd.audit_msg, 512,
"changing %s; ", pw_dbname ());
info_group.action = info_group.audit_msg
@@ -573,16 +573,16 @@ static void prepare_failure_reports (void)
+ strlen (info_passwd.audit_msg);
(void) snprintf (info_group.action,
- 511 - strlen (info_group.audit_msg),
+ 512 - strlen (info_group.audit_msg),
"group %s/%lu",
group_name, (unsigned long int) group_id);
#ifdef SHADOWGRP
(void) snprintf (info_gshadow.action,
- 511 - strlen (info_group.audit_msg),
+ 512 - strlen (info_group.audit_msg),
"group %s", group_name);
#endif
(void) snprintf (info_passwd.action,
- 511 - strlen (info_group.audit_msg),
+ 512 - strlen (info_group.audit_msg),
"group %s/%lu",
group_name, (unsigned long int) group_id);
@@ -617,13 +617,13 @@ static void prepare_failure_reports (void)
strncat (info_group.action, ", new gid: ",
511 - strlen (info_group.audit_msg));
(void) snprintf (info_group.action+strlen (info_group.action),
- 511 - strlen (info_group.audit_msg),
+ 512 - strlen (info_group.audit_msg),
"%lu", (unsigned long int) group_newid);
strncat (info_passwd.action, ", new gid: ",
511 - strlen (info_passwd.audit_msg));
(void) snprintf (info_passwd.action+strlen (info_passwd.action),
- 511 - strlen (info_passwd.audit_msg),
+ 512 - strlen (info_passwd.audit_msg),
"%lu", (unsigned long int) group_newid);
}
info_group.audit_msg[511] = '\0';
--
2.27.0

32
backport-Fix-typos-in-length-calculations.patch
View File

@ -1,32 +0,0 @@
From ed69feaaff3c86745390c9839ecfc4b8f9706075 Mon Sep 17 00:00:00 2001
From: Alejandro Colomar <alx@kernel.org>
Date: Fri, 16 Dec 2022 01:08:12 +0100
Subject: [PATCH] Fix typos in length calculations
Link: <https://github.com/shadow-maint/shadow/pull/607>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
---
src/groupmod.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/groupmod.c b/src/groupmod.c
index 7802e5b1..8c219194 100644
--- a/src/groupmod.c
+++ b/src/groupmod.c
@@ -578,11 +578,11 @@ static void prepare_failure_reports (void)
group_name, (unsigned long int) group_id);
#ifdef SHADOWGRP
(void) snprintf (info_gshadow.action,
- 512 - strlen (info_group.audit_msg),
+ 512 - strlen (info_gshadow.audit_msg),
"group %s", group_name);
#endif
(void) snprintf (info_passwd.action,
- 512 - strlen (info_group.audit_msg),
+ 512 - strlen (info_passwd.audit_msg),
"group %s/%lu",
group_name, (unsigned long int) group_id);
--
2.27.0

61
backport-Overhaul-valid_field.patch
View File

@ -1,61 +0,0 @@
From 2eaea70111f65b16d55998386e4ceb4273c19eb4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Fri, 31 Mar 2023 14:46:50 +0200
Subject: [PATCH] Overhaul valid_field()
e5905c4b ("Added control character check") introduced checking for
control characters but had the logic inverted, so it rejects all
characters that are not control ones.
Cast the character to `unsigned char` before passing to the character
checking functions to avoid UB.
Use strpbrk(3) for the illegal character test and return early.
---
lib/fields.c | 24 ++++++++++--------------
1 file changed, 10 insertions(+), 14 deletions(-)
diff --git a/lib/fields.c b/lib/fields.c
index fb51b582..53929248 100644
--- a/lib/fields.c
+++ b/lib/fields.c
@@ -37,26 +37,22 @@ int valid_field (const char *field, const char *illegal)
/* For each character of field, search if it appears in the list
* of illegal characters. */
+ if (illegal && NULL != strpbrk (field, illegal)) {
+ return -1;
+ }
+
+ /* Search if there are non-printable or control characters */
for (cp = field; '\0' != *cp; cp++) {
- if (strchr (illegal, *cp) != NULL) {
+ unsigned char c = *cp;
+ if (!isprint (c)) {
+ err = 1;
+ }
+ if (iscntrl (c)) {
err = -1;
break;
}
}
- if (0 == err) {
- /* Search if there are non-printable or control characters */
- for (cp = field; '\0' != *cp; cp++) {
- if (!isprint (*cp)) {
- err = 1;
- }
- if (!iscntrl (*cp)) {
- err = -1;
- break;
- }
- }
- }
-
return err;
}
--
2.27.0

56
backport-Prevent-out-of-boundary-access.patch
View File

@ -1,56 +0,0 @@
From 8e0ad48c21bd7d5506ff44eb4c04f796b80045ce Mon Sep 17 00:00:00 2001
From: Samanta Navarro <ferivoz@riseup.net>
Date: Mon, 30 Jan 2023 11:54:49 +0000
Subject: [PATCH] Prevent out of boundary access
If lines start with '\0' then it is possible to trigger out of
boundary accesses.
Check if indices are valid before accessing them.
Signed-off-by: Samanta Navarro <ferivoz@riseup.net>
---
src/login_nopam.c | 4 ++--
src/suauth.c | 3 ++-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/login_nopam.c b/src/login_nopam.c
index b09cffe4..18072a43 100644
--- a/src/login_nopam.c
+++ b/src/login_nopam.c
@@ -100,7 +100,7 @@ int login_access (const char *user, const char *from)
int end;
lineno++;
end = (int) strlen (line) - 1;
- if (line[end] != '\n') {
+ if (line[0] == '\0' || line[end] != '\n') {
SYSLOG ((LOG_ERR,
"%s: line %d: missing newline or line too long",
TABLE, lineno));
@@ -320,7 +320,7 @@ static bool from_match (const char *tok, const char *string)
if (strchr (string, '.') == NULL) {
return true;
}
- } else if ( (tok[(tok_len = strlen (tok)) - 1] == '.') /* network */
+ } else if ( (tok[0] != '\0' && tok[(tok_len = strlen (tok)) - 1] == '.') /* network */
&& (strncmp (tok, resolve_hostname (string), tok_len) == 0)) {
return true;
}
diff --git a/src/suauth.c b/src/suauth.c
index 2641d334..d68a3340 100644
--- a/src/suauth.c
+++ b/src/suauth.c
@@ -68,8 +68,9 @@ int check_su_auth (const char *actual_id,
while (fgets (temp, sizeof (temp), authfile_fd) != NULL) {
lines++;
+ endline = strlen(temp) - 1;
- if (temp[endline = strlen (temp) - 1] != '\n') {
+ if (temp[0] == '\0' || temp[endline] != '\n') {
SYSLOG ((LOG_ERR,
"%s, line %d: line too long or missing newline",
SUAUTHFILE, lines));
--
2.27.0

67
backport-Read-whole-line-in-yes_or_no.patch
View File

@ -1,67 +0,0 @@
From 0c83b981053b65c9bab4f1c2e60d004e920f8faf Mon Sep 17 00:00:00 2001
From: Samanta Navarro <ferivoz@riseup.net>
Date: Fri, 27 Jan 2023 11:53:57 +0000
Subject: [PATCH] Read whole line in yes_or_no
Do not stop after 79 characters. Read the complete line to avoid
arbitrary limitations.
Proof of Concept:
```
cat > passwd-poc << EOF
root:x:0:0:root:/root:/bin/bash
root:x:0:0:root:/root:/bin/bash
root:x:0:0:root:/root:/bin/bash
EOF
python -c "print(80*'y')" | pwck passwd-poc
```
Two lines should still be within the file because we agreed only once
to remove a duplicated line.
Signed-off-by: Samanta Navarro <ferivoz@riseup.net>
Reviewed-by: Alejandro Colomar <alx@kernel.org>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
Conflict: NA
Reference: https://github.com/shadow-maint/shadow/commit/0c83b981053b65c9bab4f1c2e60d004e920f8faf
---
libmisc/yesno.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/libmisc/yesno.c b/libmisc/yesno.c
index 1a1a3714..d8847e40 100644
--- a/libmisc/yesno.c
+++ b/libmisc/yesno.c
@@ -28,7 +28,8 @@
*/
bool yes_or_no (bool read_only)
{
- char buf[80];
+ int c;
+ bool result;
/*
* In read-only mode all questions are answered "no".
@@ -46,11 +47,13 @@ bool yes_or_no (bool read_only)
/*
* Get a line and see what the first character is.
*/
+ c = fgetc(stdin);
/* TODO: use gettext */
- if (fgets (buf, (int) sizeof buf, stdin) == buf) {
- return buf[0] == 'y' || buf[0] == 'Y';
- }
+ result = (c == 'y' || c == 'Y');
+
+ while (c != '\n' && c != EOF)
+ c = fgetc(stdin);
- return false;
+ return result;
}
--
2.27.0

36
backport-chgpasswd-fix-segfault-in-command-line-options.patch
View File

@ -1,36 +0,0 @@
From 53a17c1742a4b5fcf9280fd6dd85fc77588535c2 Mon Sep 17 00:00:00 2001
From: Jeffrey Bencteux <jeffbencteux@gmail.com>
Date: Wed, 21 Jun 2023 15:12:43 +0200
Subject: [PATCH] chgpasswd: fix segfault in command-line options
Using the --sha-rounds option without first giving a crypt method via the --crypt-method option results in comparisons with a NULL pointer and thus make chgpasswd segfault:
$ chgpasswd -s 1
zsh: segmentation fault chgpasswd -s 1
Current patch add a sanity check before these comparisons to ensure there is a defined encryption method.
---
src/chgpasswd.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/chgpasswd.c b/src/chgpasswd.c
index fe4055d8..7b773e2f 100644
--- a/src/chgpasswd.c
+++ b/src/chgpasswd.c
@@ -186,6 +186,13 @@ static void process_flags (int argc, char **argv)
case 's':
sflg = true;
bad_s = 0;
+
+ if (!crypt_method) {
+ fprintf (stderr,
+ _("%s: no crypt method defined\n"),
+ Prog);
+ usage (E_USAGE);
+ }
#if defined(USE_SHA_CRYPT)
if ( ( ((0 == strcmp (crypt_method, "SHA256")) || (0 == strcmp (crypt_method, "SHA512")))
&& (0 == getlong(optarg, &sha_rounds)))) {
--
2.20.1

39
backport-commonio-free-removed-database-entries.patch
View File

@ -1,39 +0,0 @@
From a8dd8ce6c9a5f6e69ed4e9fa7b0c0976bb4ba332 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Sat, 1 Apr 2023 13:36:51 +0200
Subject: [PATCH] commonio: free removed database entries
Free the actual struct of the removed entry.
Example userdel report:
Direct leak of 40 byte(s) in 1 object(s) allocated from:
#0 0x55b230efe857 in reallocarray (./src/userdel+0xda857)
#1 0x55b230f6041f in mallocarray ./lib/./alloc.h:97:9
#2 0x55b230f6041f in commonio_open ./lib/commonio.c:563:7
#3 0x55b230f39098 in open_files ./src/userdel.c:555:6
#4 0x55b230f39098 in main ./src/userdel.c:1189:2
#5 0x7f9b48c64189 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
Conflict: NA
Reference: https://github.com/shadow-maint/shadow/commit/a8dd8ce6c9a5f6e69ed4e9fa7b0c0976bb4ba332
---
lib/commonio.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/commonio.c b/lib/commonio.c
index 40e62298..a0449c83 100644
--- a/lib/commonio.c
+++ b/lib/commonio.c
@@ -1060,6 +1060,8 @@ int commonio_remove (struct commonio_db *db, const char *name)
db->ops->free (p->eptr);
}
+ free(p);
+
return 1;
}
--
2.27.0

127
backport-run_parts-for-groupadd-and-groupdel.patch
View File

@ -1,127 +0,0 @@
From 4e1f674c41724dd96ad2c3a0c02ac9f6666697ba Mon Sep 17 00:00:00 2001
From: ed neville <ed@s5h.net>
Date: Mon, 27 Mar 2023 20:23:03 +0100
Subject: [PATCH] run_parts for groupadd and groupdel
run_parts currently exists in useradd and userdel, this commit mirrors
the functionality with groupadd and groupdel
Hook for group{add,del} to include killing processes that have group
membership that would no longer exist to avoid membership ID reuse.
Conflict: NA
Reference: https://github.com/shadow-maint/shadow/commit/4e1f674c41724dd96ad2c3a0c02ac9f6666697ba
---
.../groupdel-pre.d/01-kill_group_procs.sh | 26 +++++++++++++++++++
src/groupadd.c | 11 ++++++++
src/groupdel.c | 11 ++++++++
3 files changed, 48 insertions(+)
create mode 100644 etc/shadow-maint/groupdel-pre.d/01-kill_group_procs.sh
diff --git a/etc/shadow-maint/groupdel-pre.d/01-kill_group_procs.sh b/etc/shadow-maint/groupdel-pre.d/01-kill_group_procs.sh
new file mode 100644
index 00000000..10db5279
--- /dev/null
+++ b/etc/shadow-maint/groupdel-pre.d/01-kill_group_procs.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+GROUPID=`awk -F: '$1 == "'"${SUBJECT}"'" { print $3 }' /etc/group`
+
+if [ "${GROUPID}" = "" ]; then
+ exit 0
+fi
+
+for status in /proc/*/status; do
+ # either this isn't a process or its already dead since expanding the list
+ [ -f "$status" ] || continue
+
+ tbuf=${status%/status}
+ pid=${tbuf#/proc/}
+ case "$pid" in
+ "$$") continue;;
+ [0-9]*) :;;
+ *) continue
+ esac
+
+ grep -q '^Groups:.*\b'"${GROUPID}"'\b.*' "/proc/$pid/status" || continue
+
+ kill -9 "$pid" || echo "cannot kill $pid" 1>&2
+done
+
diff --git a/src/groupadd.c b/src/groupadd.c
index 31142101..2eda1c68 100644
--- a/src/groupadd.c
+++ b/src/groupadd.c
@@ -34,6 +34,7 @@
#include "sgroupio.h"
#endif
#include "shadowlog.h"
+#include "run_part.h"
/*
* exit status values
@@ -603,6 +604,11 @@ int main (int argc, char **argv)
check_perms ();
+ if (run_parts ("/etc/shadow-maint/groupadd-pre.d", group_name,
+ "groupadd")) {
+ exit(1);
+ }
+
#ifdef SHADOWGRP
is_shadow_grp = sgr_file_present ();
#endif
@@ -621,6 +627,11 @@ int main (int argc, char **argv)
grp_update ();
close_files ();
+ if (run_parts ("/etc/shadow-maint/groupadd-post.d", group_name,
+ "groupadd")) {
+ exit(1);
+ }
+
nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_GROUP);
diff --git a/src/groupdel.c b/src/groupdel.c
index fdccf5e1..bae4367b 100644
--- a/src/groupdel.c
+++ b/src/groupdel.c
@@ -32,6 +32,7 @@
#include "sgroupio.h"
#endif
#include "shadowlog.h"
+#include "run_part.h"
/*
* Global variables
*/
@@ -461,6 +462,11 @@ int main (int argc, char **argv)
group_busy (group_id);
}
+ if (run_parts ("/etc/shadow-maint/groupdel-pre.d", group_name,
+ "groupdel")) {
+ exit(1);
+ }
+
/*
* Do the hard stuff - open the files, delete the group entries,
* then close and update the files.
@@ -471,6 +477,11 @@ int main (int argc, char **argv)
close_files ();
+ if (run_parts ("/etc/shadow-maint/groupdel-post.d", group_name,
+ "groupdel")) {
+ exit(1);
+ }
+
nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_GROUP);
--
2.27.0

76
backport-semanage-disconnect-to-free-libsemanage-internals.patch
View File

@ -1,76 +0,0 @@
From 7078ed1e0b8a197aa9e5103986bce927abef87a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Sat, 1 Apr 2023 14:11:06 +0200
Subject: [PATCH] semanage: disconnect to free libsemanage internals
Destroying the handle does not actually disconnect, see [1].
Also free the key on user removal.
[1]: https://github.com/SELinuxProject/selinux/blob/e9072e7d45f4559887d11b518099135cbe564163/libsemanage/src/direct_api.c#L330
Example adduser leak:
Direct leak of 1008 byte(s) in 14 object(s) allocated from:
#0 0x5638f2e782ae in __interceptor_malloc (./src/useradd+0xee2ae)
#1 0x7fb5cfffad09 in dbase_file_init src/database_file.c:170:45
Direct leak of 392 byte(s) in 7 object(s) allocated from:
#0 0x5638f2e782ae in __interceptor_malloc (./src/useradd+0xee2ae)
#1 0x7fb5cfffc929 in dbase_policydb_init src/database_policydb.c:187:27
Direct leak of 144 byte(s) in 2 object(s) allocated from:
#0 0x5638f2e782ae in __interceptor_malloc (./src/useradd+0xee2ae)
#1 0x7fb5cfffb519 in dbase_join_init src/database_join.c:249:28
[...]
Conflict: NA
Reference: https://github.com/shadow-maint/shadow/commit/7078ed1e0b8a197aa9e5103986bce927abef87a4
---
lib/semanage.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/lib/semanage.c b/lib/semanage.c
index 5d336b08..d412186c 100644
--- a/lib/semanage.c
+++ b/lib/semanage.c
@@ -97,6 +97,8 @@ static semanage_handle_t *semanage_init (void)
return handle;
fail:
+ if (handle)
+ semanage_disconnect (handle);
semanage_handle_destroy (handle);
return NULL;
}
@@ -156,7 +158,7 @@ done:
static int semanage_user_add (semanage_handle_t *handle,
- semanage_seuser_key_t *key,
+ const semanage_seuser_key_t *key,
const char *login_name,
const char *seuser_name)
{
@@ -279,6 +281,8 @@ int set_seuser (const char *login_name, const char *seuser_name)
done:
semanage_seuser_key_free (key);
+ if (handle)
+ semanage_disconnect (handle);
semanage_handle_destroy (handle);
return ret;
}
@@ -353,6 +357,9 @@ int del_seuser (const char *login_name)
ret = 0;
done:
+ semanage_seuser_key_free (key);
+ if (handle)
+ semanage_disconnect (handle);
semanage_handle_destroy (handle);
return ret;
}
--
2.27.0

41
backport-useradd-check-if-subid-range-exists-for-user.patch
View File

@ -1,41 +0,0 @@
From e0524e813a3bae2891b33a66f35876841c11cee7 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Mon, 24 Oct 2022 10:46:36 +0200
Subject: [PATCH 1/4] useradd: check if subid range exists for user
Check if a user already has a subid range before assigning one.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2012929
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Reference: https://github.com/shadow-maint/shadow/commit/e0524e813a3bae2891b33a66f35876841c11cee7
Conflict: NA
---
src/useradd.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/useradd.c b/src/useradd.c
index 7ea0a9c4..e784d602 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -2188,14 +2188,14 @@ static void usr_update (unsigned long subuid_count, unsigned long subgid_count)
fail_exit (E_PW_UPDATE);
}
#ifdef ENABLE_SUBIDS
- if (is_sub_uid &&
+ if (is_sub_uid && !local_sub_uid_assigned(user_name) &&
(sub_uid_add(user_name, sub_uid_start, subuid_count) == 0)) {
fprintf (stderr,
_("%s: failed to prepare the new %s entry\n"),
Prog, sub_uid_dbname ());
fail_exit (E_SUB_UID_UPDATE);
}
- if (is_sub_gid &&
+ if (is_sub_gid && !local_sub_gid_assigned(user_name) &&
(sub_gid_add(user_name, sub_gid_start, subgid_count) == 0)) {
fprintf (stderr,
_("%s: failed to prepare the new %s entry\n"),
--
2.12.3

BIN
shadow-4.13.tar.xz
View File

Binary file not shown.

BIN
shadow-4.14.3.tar.xz Normal file
View File

Binary file not shown.

30
shadow-Remove-encrypted-passwd-for-useradd-gr.patch
View File

@ -17,10 +17,10 @@ Signed-off-by: xiongshenglan <xiongshenglan@huawei.com>
4 files changed, 16 insertions(+)
diff --git a/src/groupadd.c b/src/groupadd.c
index d7f68b1..9b7a521 100644
index 2eda1c6..d9b920f 100644
--- a/src/groupadd.c
+++ b/src/groupadd.c
@@ -125,7 +125,9 @@ static /*@noreturn@*/void usage (int status)
@@ -105,7 +105,9 @@ usage (int status)
(void) fputs (_(" -K, --key KEY=VALUE override /etc/login.defs defaults\n"), usageout);
(void) fputs (_(" -o, --non-unique allow to create groups with duplicate\n"
" (non-unique) GID\n"), usageout);
@ -29,8 +29,8 @@ index d7f68b1..9b7a521 100644
+#endif
(void) fputs (_(" -r, --system create a system account\n"), usageout);
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
(void) fputs (_(" -P, --prefix PREFIX_DI directory prefix\n"), usageout);
@@ -459,10 +461,12 @@ static void process_flags (int argc, char **argv)
(void) fputs (_(" -P, --prefix PREFIX_DIR directory prefix\n"), usageout);
@@ -435,10 +437,12 @@ static void process_flags (int argc, char **argv)
case 'o':
oflg = true;
break;
@ -44,10 +44,10 @@ index d7f68b1..9b7a521 100644
rflg = true;
break;
diff --git a/src/groupmod.c b/src/groupmod.c
index acd6f35..f9dcabd 100644
index 7fd02d6..522b65e 100644
--- a/src/groupmod.c
+++ b/src/groupmod.c
@@ -139,8 +139,10 @@ static void usage (int status)
@@ -121,8 +121,10 @@ static void usage (int status)
(void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
(void) fputs (_(" -n, --new-name NEW_GROUP change the name to NEW_GROUP\n"), usageout);
(void) fputs (_(" -o, --non-unique allow to use a duplicate (non-unique) GID\n"), usageout);
@ -58,7 +58,7 @@ index acd6f35..f9dcabd 100644
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
(void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
(void) fputs (_(" -U, --users USERS list of user members of this group\n"), usageout);
@@ -449,10 +451,12 @@ static void process_flags (int argc, char **argv)
@@ -431,10 +433,12 @@ static void process_flags (int argc, char **argv)
case 'o':
oflg = true;
break;
@ -72,10 +72,10 @@ index acd6f35..f9dcabd 100644
break;
case 'P': /* no-op, handled in process_prefix_flag () */
diff --git a/src/useradd.c b/src/useradd.c
index 89abd5e..e5ba3dd 100644
index 677ea5a..209ab9c 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -907,7 +907,9 @@ static void usage (int status)
@@ -970,7 +970,9 @@ static void usage (int status)
" the user\n"), usageout);
(void) fputs (_(" -o, --non-unique allow to create users with duplicate\n"
" (non-unique) UID\n"), usageout);
@ -85,7 +85,7 @@ index 89abd5e..e5ba3dd 100644
(void) fputs (_(" -r, --system create a system account\n"), usageout);
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
(void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
@@ -1366,6 +1368,7 @@ static void process_flags (int argc, char **argv)
@@ -1442,6 +1444,7 @@ static void process_flags (int argc, char **argv)
case 'o':
oflg = true;
break;
@ -93,7 +93,7 @@ index 89abd5e..e5ba3dd 100644
case 'p': /* set encrypted password */
if (!VALID (optarg)) {
fprintf (stderr,
@@ -1375,6 +1378,7 @@ static void process_flags (int argc, char **argv)
@@ -1451,6 +1454,7 @@ static void process_flags (int argc, char **argv)
}
user_pass = optarg;
break;
@ -102,10 +102,10 @@ index 89abd5e..e5ba3dd 100644
rflg = true;
break;
diff --git a/src/usermod.c b/src/usermod.c
index ca8db92..509a50b 100644
index 0a18709..b40b569 100644
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -384,7 +384,9 @@ static /*@noreturn@*/void usage (int status)
@@ -393,7 +393,9 @@ usage (int status)
(void) fputs (_(" -m, --move-home move contents of the home directory to the\n"
" new location (use only with -d)\n"), usageout);
(void) fputs (_(" -o, --non-unique allow using duplicate (non-unique) UID\n"), usageout);
@ -115,7 +115,7 @@ index ca8db92..509a50b 100644
(void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
(void) fputs (_(" -r, --remove remove the user from only the supplemental GROUPS\n"
" mentioned by the -G option without removing\n"
@@ -1121,10 +1123,12 @@ static void process_flags (int argc, char **argv)
@@ -1128,10 +1130,12 @@ static void process_flags (int argc, char **argv)
case 'o':
oflg = true;
break;
@ -129,5 +129,5 @@ index ca8db92..509a50b 100644
rflg = true;
break;
--
2.12.3
2.27.0

185
shadow-add-sm3-crypt-support.patch
View File

@ -4,23 +4,23 @@ Date: Wed, 29 Dec 2021 16:05:56 +0800
Subject: [PATCH] shadow add sm3 crypt support
---
configure.ac | 9 ++++
etc/login.defs | 17 ++++++++
lib/encrypt.c | 3 ++
lib/getdef.c | 4 ++
libmisc/obscure.c | 3 ++
libmisc/salt.c | 106 +++++++++++++++++++++++++++++++++++++++++++---
src/chgpasswd.c | 48 +++++++++++++++------
src/chpasswd.c | 46 ++++++++++++++------
src/newusers.c | 61 +++++++++++++++++++-------
src/passwd.c | 7 ++-
10 files changed, 254 insertions(+), 50 deletions(-)
configure.ac | 9 +++++
etc/login.defs | 17 +++++++++
lib/encrypt.c | 3 ++
lib/getdef.c | 4 ++
lib/obscure.c | 3 ++
lib/salt.c | 98 ++++++++++++++++++++++++++++++++++++++++++++++++-
src/chgpasswd.c | 48 +++++++++++++++++-------
src/chpasswd.c | 44 ++++++++++++++++------
src/newusers.c | 59 +++++++++++++++++++++--------
src/passwd.c | 7 +++-
10 files changed, 248 insertions(+), 44 deletions(-)
diff --git a/configure.ac b/configure.ac
index 924254a..dde1de8 100644
index 5dcd22e..c9cbbf7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -274,6 +274,9 @@ AC_ARG_WITH(libcrack,
@@ -249,6 +249,9 @@ AC_ARG_WITH(libcrack,
AC_ARG_WITH(sha-crypt,
[AS_HELP_STRING([--with-sha-crypt], [allow the SHA256 and SHA512 password encryption algorithms @<:@default=yes@:>@])],
[with_sha_crypt=$withval], [with_sha_crypt=yes])
@ -30,7 +30,7 @@ index 924254a..dde1de8 100644
AC_ARG_WITH(bcrypt,
[AS_HELP_STRING([--with-bcrypt], [allow the bcrypt password encryption algorithm @<:@default=no@:>@])],
[with_bcrypt=$withval], [with_bcrypt=no])
@@ -307,6 +310,11 @@ if test "$with_sha_crypt" = "yes"; then
@@ -285,6 +288,11 @@ if test "$with_sha_crypt" = "yes"; then
AC_DEFINE(USE_SHA_CRYPT, 1, [Define to allow the SHA256 and SHA512 password encryption algorithms])
fi
@ -42,7 +42,7 @@ index 924254a..dde1de8 100644
AM_CONDITIONAL(USE_BCRYPT, test "x$with_bcrypt" = "xyes")
if test "$with_bcrypt" = "yes"; then
AC_DEFINE(USE_BCRYPT, 1, [Define to allow the bcrypt password encryption algorithm])
@@ -752,6 +760,7 @@ echo " tcb support (incomplete): $with_tcb"
@@ -782,6 +790,7 @@ echo " tcb support (incomplete): $with_tcb"
echo " shadow group support: $enable_shadowgrp"
echo " S/Key support: $with_skey"
echo " SHA passwords encryption: $with_sha_crypt"
@ -93,10 +93,10 @@ index c84a255..11b301b 100644
method = "YESCRYPT";
break;
diff --git a/lib/getdef.c b/lib/getdef.c
index dcd1fe7..9a8089a 100644
index 7fe6cef..7314399 100644
--- a/lib/getdef.c
+++ b/lib/getdef.c
@@ -102,6 +102,10 @@ static struct itemdef def_table[] = {
@@ -106,6 +106,10 @@ static struct itemdef def_table[] = {
{"SHA_CRYPT_MAX_ROUNDS", NULL},
{"SHA_CRYPT_MIN_ROUNDS", NULL},
#endif
@ -107,11 +107,11 @@ index dcd1fe7..9a8089a 100644
#ifdef USE_BCRYPT
{"BCRYPT_MAX_ROUNDS", NULL},
{"BCRYPT_MIN_ROUNDS", NULL},
diff --git a/libmisc/obscure.c b/libmisc/obscure.c
index 3daaa95..644259d 100644
--- a/libmisc/obscure.c
+++ b/libmisc/obscure.c
@@ -246,6 +246,9 @@ static /*@observer@*//*@null@*/const char *obscure_msg (
diff --git a/lib/obscure.c b/lib/obscure.c
index 88a8773..b452092 100644
--- a/lib/obscure.c
+++ b/lib/obscure.c
@@ -198,6 +198,9 @@ static /*@observer@*//*@null@*/const char *obscure_msg (
|| (strcmp (result, "SHA256") == 0)
|| (strcmp (result, "SHA512") == 0)
#endif
@ -121,11 +121,11 @@ index 3daaa95..644259d 100644
#ifdef USE_BCRYPT
|| (strcmp (result, "BCRYPT") == 0)
#endif
diff --git a/libmisc/salt.c b/libmisc/salt.c
index e5f633a..df4b328 100644
--- a/libmisc/salt.c
+++ b/libmisc/salt.c
@@ -63,6 +63,17 @@
diff --git a/lib/salt.c b/lib/salt.c
index dc242ff..e584cc1 100644
--- a/lib/salt.c
+++ b/lib/salt.c
@@ -58,6 +58,17 @@
#define SHA_ROUNDS_MAX 999999999
#endif
@ -143,16 +143,7 @@ index e5f633a..df4b328 100644
#ifdef USE_YESCRYPT
/*
* Default number of base64 characters used for the salt.
@@ -95,13 +106,17 @@ static long read_random_bytes (void);
#if !USE_XCRYPT_GENSALT
static /*@observer@*/const char *gensalt (size_t salt_size);
#endif /* !USE_XCRYPT_GENSALT */
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT)
+#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_SM3_CRYPT)
static long shadow_random (long min, long max);
-#endif /* USE_SHA_CRYPT || USE_BCRYPT */
+#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_SM3_CRYPT*/
#ifdef USE_SHA_CRYPT
@@ -93,6 +104,10 @@ static /*@observer@*/const char *gensalt (size_t salt_size);
static /*@observer@*/unsigned long SHA_get_salt_rounds (/*@null@*/const int *prefered_rounds);
static /*@observer@*/void SHA_salt_rounds_to_buf (char *buf, unsigned long rounds);
#endif /* USE_SHA_CRYPT */
@ -163,25 +154,7 @@ index e5f633a..df4b328 100644
#ifdef USE_BCRYPT
static /*@observer@*/unsigned long BCRYPT_get_salt_rounds (/*@null@*/const int *prefered_rounds);
static /*@observer@*/void BCRYPT_salt_rounds_to_buf (char *buf, unsigned long rounds);
@@ -195,7 +210,7 @@ end:
return randval;
}
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT)
+#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_SM3_CRYPT)
/*
* Return a random number between min and max (both included).
*
@@ -217,7 +232,7 @@ static long shadow_random (long min, long max)
}
return ret;
}
-#endif /* USE_SHA_CRYPT || USE_BCRYPT */
+#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_SM3_CRYPT*/
#ifdef USE_SHA_CRYPT
/* Return the the rounds number for the SHA crypt methods. */
@@ -293,6 +308,80 @@ static /*@observer@*/void SHA_salt_rounds_to_buf (char *buf, unsigned long round
@@ -177,6 +192,80 @@ static /*@observer@*/void SHA_salt_rounds_to_buf (char *buf, unsigned long round
}
#endif /* USE_SHA_CRYPT */
@ -211,7 +184,7 @@ index e5f633a..df4b328 100644
+ max_rounds = min_rounds;
+ }
+
+ rounds = (unsigned long) shadow_random (min_rounds, max_rounds);
+ rounds = (unsigned long) csrand_interval (min_rounds, max_rounds);
+ }
+ } else if (0 == *prefered_rounds) {
+ rounds = SM3_ROUNDS_DEFAULT;
@ -262,7 +235,7 @@ index e5f633a..df4b328 100644
#ifdef USE_BCRYPT
/* Return the the rounds number for the BCRYPT method. */
static /*@observer@*/unsigned long BCRYPT_get_salt_rounds (/*@null@*/const int *prefered_rounds)
@@ -463,7 +552,7 @@ static /*@observer@*/const char *gensalt (size_t salt_size)
@@ -347,7 +436,7 @@ static /*@observer@*/const char *gensalt (size_t salt_size)
* which can both be set inside the login.defs file.
*
* If meth is specified, an additional parameter can be provided.
@ -271,8 +244,8 @@ index e5f633a..df4b328 100644
* (if not NULL).
* * For the YESCRYPT method, this specifies the cost factor (if not NULL).
*/
@@ -515,6 +604,13 @@ static /*@observer@*/const char *gensalt (size_t salt_size)
rounds = SHA_get_salt_rounds ((int *) arg);
@@ -399,6 +488,13 @@ static /*@observer@*/const char *gensalt (size_t salt_size)
rounds = SHA_get_salt_rounds (arg);
SHA_salt_rounds_to_buf (result, rounds);
#endif /* USE_SHA_CRYPT */
+#ifdef USE_SM3_CRYPT
@ -286,7 +259,7 @@ index e5f633a..df4b328 100644
fprintf (log_get_logfd(),
_("Invalid ENCRYPT_METHOD value: '%s'.\n"
diff --git a/src/chgpasswd.c b/src/chgpasswd.c
index d17acb6..9b00520 100644
index 7b773e2..a751dda 100644
--- a/src/chgpasswd.c
+++ b/src/chgpasswd.c
@@ -39,15 +39,18 @@
@ -310,7 +283,7 @@ index d17acb6..9b00520 100644
#ifdef USE_BCRYPT
static long bcrypt_rounds = 13;
#endif
@@ -119,6 +122,9 @@ static /*@noreturn@*/void usage (int status)
@@ -121,6 +124,9 @@ usage (int status)
#if defined(USE_YESCRYPT)
" YESCRYPT"
#endif
@ -320,7 +293,7 @@ index d17acb6..9b00520 100644
);
(void) fputs (_(" -e, --encrypted supplied passwords are encrypted\n"), usageout);
(void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
@@ -126,11 +132,11 @@ static /*@noreturn@*/void usage (int status)
@@ -128,11 +134,11 @@ usage (int status)
" the MD5 algorithm\n"),
usageout);
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
@ -335,7 +308,7 @@ index d17acb6..9b00520 100644
(void) fputs ("\n", usageout);
exit (status);
@@ -144,22 +150,22 @@ static /*@noreturn@*/void usage (int status)
@@ -146,22 +152,22 @@ usage (int status)
static void process_flags (int argc, char **argv)
{
int c;
@ -363,7 +336,7 @@ index d17acb6..9b00520 100644
"c:ehmR:s:",
#else
"c:ehmR:",
@@ -180,7 +186,7 @@ static void process_flags (int argc, char **argv)
@@ -182,7 +188,7 @@ static void process_flags (int argc, char **argv)
break;
case 'R': /* no-op, handled in process_root_flag () */
break;
@ -372,7 +345,7 @@ index d17acb6..9b00520 100644
case 's':
sflg = true;
bad_s = 0;
@@ -202,6 +208,12 @@ static void process_flags (int argc, char **argv)
@@ -211,6 +217,12 @@ static void process_flags (int argc, char **argv)
bad_s = 1;
}
#endif /* USE_YESCRYPT */
@ -385,7 +358,7 @@ index d17acb6..9b00520 100644
if (bad_s != 0) {
fprintf (stderr,
_("%s: invalid numeric argument '%s'\n"),
@@ -209,7 +221,7 @@ static void process_flags (int argc, char **argv)
@@ -218,7 +230,7 @@ static void process_flags (int argc, char **argv)
usage (E_USAGE);
}
break;
@ -394,7 +367,7 @@ index d17acb6..9b00520 100644
default:
usage (E_USAGE);
@@ -228,7 +240,7 @@ static void process_flags (int argc, char **argv)
@@ -237,7 +249,7 @@ static void process_flags (int argc, char **argv)
*/
static void check_flags (void)
{
@ -403,7 +376,7 @@ index d17acb6..9b00520 100644
if (sflg && !cflg) {
fprintf (stderr,
_("%s: %s flag is only allowed with the %s flag\n"),
@@ -259,6 +271,9 @@ static void check_flags (void)
@@ -268,6 +280,9 @@ static void check_flags (void)
#ifdef USE_YESCRYPT
&& (0 != strcmp (crypt_method, "YESCRYPT"))
#endif /* USE_YESCRYPT */
@ -413,7 +386,7 @@ index d17acb6..9b00520 100644
) {
fprintf (stderr,
_("%s: unsupported crypt method: %s\n"),
@@ -483,7 +498,7 @@ int main (int argc, char **argv)
@@ -498,7 +513,7 @@ int main (int argc, char **argv)
if (md5flg) {
crypt_method = "MD5";
}
@ -422,7 +395,7 @@ index d17acb6..9b00520 100644
if (sflg) {
#if defined(USE_SHA_CRYPT)
if ( (0 == strcmp (crypt_method, "SHA256"))
@@ -501,6 +516,11 @@ int main (int argc, char **argv)
@@ -516,6 +531,11 @@ int main (int argc, char **argv)
arg = &yescrypt_cost;
}
#endif /* USE_YESCRYPT */
@ -435,7 +408,7 @@ index d17acb6..9b00520 100644
#endif
salt = crypt_make_salt (crypt_method, arg);
diff --git a/src/chpasswd.c b/src/chpasswd.c
index 48d5178..9003c18 100644
index 1a1a5d5..a2b6e9e 100644
--- a/src/chpasswd.c
+++ b/src/chpasswd.c
@@ -38,7 +38,7 @@
@ -457,7 +430,7 @@ index 48d5178..9003c18 100644
#ifdef USE_BCRYPT
static long bcrypt_rounds = 13;
#endif
@@ -113,6 +116,9 @@ static /*@noreturn@*/void usage (int status)
@@ -117,6 +120,9 @@ usage (int status)
#endif
#if defined(USE_YESCRYPT)
" YESCRYPT"
@ -467,22 +440,18 @@ index 48d5178..9003c18 100644
#endif
);
(void) fputs (_(" -e, --encrypted supplied passwords are encrypted\n"), usageout);
@@ -121,11 +127,11 @@ static /*@noreturn@*/void usage (int status)
" the MD5 algorithm\n"),
@@ -126,8 +132,8 @@ usage (int status)
usageout);
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
(void) fputs (_(" -P, --prefix PREFIX_DIR directory prefix\n"), usageout);
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
- (void) fputs (_(" -s, --sha-rounds number of rounds for the SHA, BCRYPT\n"
+#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT)
+ (void) fputs (_(" -s, --sha-rounds number of rounds for the SHA, BCRYPT, SM3\n"
" or YESCRYPT crypt algorithms\n"),
usageout);
-#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
+#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT || USE_SM3_CRYPT */
(void) fputs ("\n", usageout);
exit (status);
@@ -139,23 +145,23 @@ static /*@noreturn@*/void usage (int status)
#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
@@ -144,9 +150,9 @@ usage (int status)
static void process_flags (int argc, char **argv)
{
int c;
@ -494,9 +463,10 @@ index 48d5178..9003c18 100644
static struct option long_options[] = {
{"crypt-method", required_argument, NULL, 'c'},
{"encrypted", no_argument, NULL, 'e'},
{"help", no_argument, NULL, 'h'},
@@ -154,14 +160,14 @@ static void process_flags (int argc, char **argv)
{"md5", no_argument, NULL, 'm'},
{"root", required_argument, NULL, 'R'},
{"prefix", required_argument, NULL, 'P'},
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
+#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT)
{"sha-rounds", required_argument, NULL, 's'},
@ -508,19 +478,19 @@ index 48d5178..9003c18 100644
while ((c = getopt_long (argc, argv,
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
+#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT)
"c:ehmR:s:",
"c:ehmR:P:s:",
#else
"c:ehmR:",
@@ -176,7 +182,7 @@ static void process_flags (int argc, char **argv)
"c:ehmR:P:",
@@ -184,7 +190,7 @@ static void process_flags (int argc, char **argv)
break;
case 'R': /* no-op, handled in process_root_flag () */
case 'P': /* no-op, handled in process_prefix_flag () */
break;
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
+#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT)
case 's':
sflg = true;
bad_s = 0;
@@ -198,14 +204,20 @@ static void process_flags (int argc, char **argv)
@@ -206,14 +212,20 @@ static void process_flags (int argc, char **argv)
bad_s = 1;
}
#endif /* USE_YESCRYPT */
@ -543,7 +513,7 @@ index 48d5178..9003c18 100644
default:
usage (E_USAGE);
@@ -224,7 +236,7 @@ static void process_flags (int argc, char **argv)
@@ -232,7 +244,7 @@ static void process_flags (int argc, char **argv)
*/
static void check_flags (void)
{
@ -552,7 +522,7 @@ index 48d5178..9003c18 100644
if (sflg && !cflg) {
fprintf (stderr,
_("%s: %s flag is only allowed with the %s flag\n"),
@@ -249,6 +261,9 @@ static void check_flags (void)
@@ -257,6 +269,9 @@ static void check_flags (void)
&&(!IS_CRYPT_METHOD("SHA256"))
&&(!IS_CRYPT_METHOD("SHA512"))
#endif /* USE_SHA_CRYPT */
@ -562,7 +532,7 @@ index 48d5178..9003c18 100644
#ifdef USE_BCRYPT
&&(!IS_CRYPT_METHOD("BCRYPT"))
#endif /* USE_BCRYPT */
@@ -422,6 +437,11 @@ static const char *get_salt(void)
@@ -430,6 +445,11 @@ static const char *get_salt(void)
arg = &yescrypt_cost;
}
#endif /* USE_YESCRYPT */
@ -575,15 +545,15 @@ index 48d5178..9003c18 100644
#endif
return crypt_make_salt (crypt_method, arg);
diff --git a/src/newusers.c b/src/newusers.c
index deeb361..149670e 100644
index 08f7979..6effa82 100644
--- a/src/newusers.c
+++ b/src/newusers.c
@@ -58,12 +58,15 @@ static bool rflg = false; /* create a system account */
@@ -60,12 +60,15 @@ static bool rflg = false; /* create a system account */
#ifndef USE_PAM
static /*@null@*//*@observer@*/char *crypt_method = NULL;
#define cflg (NULL != crypt_method)
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT)
+#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_SM3_CRYPT)
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
+#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT)
static bool sflg = false;
#endif
#ifdef USE_SHA_CRYPT
@ -591,11 +561,11 @@ index deeb361..149670e 100644
#endif /* USE_SHA_CRYPT */
+#ifdef USE_SM3_CRYPT
+static long sm3_rounds = 5000;
+#endif /* USE_SM3_CRYPT */
+#endif
#ifdef USE_BCRYPT
static long bcrypt_rounds = 13;
#endif /* USE_BCRYPT */
@@ -129,6 +132,9 @@ static void usage (int status)
@@ -131,6 +134,9 @@ static void usage (int status)
#endif
#if defined(USE_YESCRYPT)
" YESCRYPT"
@ -605,7 +575,7 @@ index deeb361..149670e 100644
#endif
);
#endif /* !USE_PAM */
@@ -136,11 +142,11 @@ static void usage (int status)
@@ -138,11 +144,11 @@ static void usage (int status)
(void) fputs (_(" -r, --system create system accounts\n"), usageout);
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
#ifndef USE_PAM
@ -695,21 +665,20 @@ index deeb361..149670e 100644
case 's':
sflg = true;
bad_s = 0;
@@ -680,14 +700,20 @@ static void process_flags (int argc, char **argv)
@@ -687,6 +707,12 @@ static void process_flags (int argc, char **argv)
bad_s = 1;
}
#endif /* USE_YESCRYPT */
- if (bad_s != 0) {
+#if defined(USE_SM3_CRYPT)
+ if (( (0 == strcmp (crypt_method, "SM3"))
+ && (0 == getlong(optarg, &sm3_rounds)))) {
+ bad_s = 1;
+ }
+#endif /* USE_SM3_CRYPT */
+ if (bad_s != 0) {
if (bad_s != 0) {
fprintf (stderr,
_("%s: invalid numeric argument '%s'\n"),
Prog, optarg);
@@ -694,7 +720,7 @@ static void process_flags (int argc, char **argv)
usage (EXIT_FAILURE);
}
break;
@ -718,7 +687,7 @@ index deeb361..149670e 100644
#endif /* !USE_PAM */
default:
usage (EXIT_FAILURE);
@@ -721,14 +747,14 @@ static void process_flags (int argc, char **argv)
@@ -728,14 +754,14 @@ static void process_flags (int argc, char **argv)
static void check_flags (void)
{
#ifndef USE_PAM
@ -735,7 +704,7 @@ index deeb361..149670e 100644
if (cflg) {
if ( (0 != strcmp (crypt_method, "DES"))
@@ -738,6 +764,9 @@ static void check_flags (void)
@@ -745,6 +771,9 @@ static void check_flags (void)
&& (0 != strcmp (crypt_method, "SHA256"))
&& (0 != strcmp (crypt_method, "SHA512"))
#endif /* USE_SHA_CRYPT */
@ -746,11 +715,11 @@ index deeb361..149670e 100644
&& (0 != strcmp (crypt_method, "BCRYPT"))
#endif /* USE_BCRYPT */
diff --git a/src/passwd.c b/src/passwd.c
index 8c6f81a..00711da 100644
index 5d59e8c..20284c6 100644
--- a/src/passwd.c
+++ b/src/passwd.c
@@ -84,7 +84,7 @@ static bool spw_locked = false;
#ifndef USE_PAM
@@ -90,7 +90,7 @@ static bool spw_locked = false;
/*
* Size of the biggest passwd:
- * $6$ 3
@ -758,7 +727,7 @@ index 8c6f81a..00711da 100644
* rounds= 7
* 999999999 9
* $ 1
@@ -93,7 +93,7 @@ static bool spw_locked = false;
@@ -99,7 +99,7 @@ static bool spw_locked = false;
* SHA512 123
* nul 1
*
@ -767,7 +736,7 @@ index 8c6f81a..00711da 100644
*/
static char crypt_passwd[256];
static bool do_update_pwd = false;
@@ -263,6 +263,9 @@ static int new_password (const struct passwd *pw)
@@ -268,6 +268,9 @@ static int new_password (const struct passwd *pw)
#ifdef USE_YESCRYPT
|| (strcmp (method, "YESCRYPT") == 0)
#endif /* USE_YESCRYPT*/

30
shadow.spec
View File

@ -1,6 +1,6 @@
Name: shadow
Version: 4.13
Release: 7
Version: 4.14.3
Release: 1
Epoch: 2
License: BSD and GPLv2+
Summary: Tools for managing accounts and shadow password files
@ -17,21 +17,8 @@ Source7: newusers
# fix unknown item 'LASTLOG_MAX_UID'
Patch0: usermod-unlock.patch
Patch1: backport-useradd-check-if-subid-range-exists-for-user.patch
Patch2: shadow-add-sm3-crypt-support.patch
Patch3: backport-Fix-off-by-one-mistakes.patch
Patch4: backport-Fix-typos-in-length-calculations.patch
Patch5: backport-Correctly-handle-illegal-system-file-in-tz.patch
Patch6: backport-Explicitly-override-only-newlines.patch
Patch7: backport-Prevent-out-of-boundary-access.patch
Patch8: backport-Added-control-character-check.patch
Patch9: backport-Overhaul-valid_field.patch
Patch10: backport-Read-whole-line-in-yes_or_no.patch
Patch11: backport-commonio-free-removed-database-entries.patch
Patch12: backport-semanage-disconnect-to-free-libsemanage-internals.patch
Patch13: backport-run_parts-for-groupadd-and-groupdel.patch
Patch14: shadow-Remove-encrypted-passwd-for-useradd-gr.patch
Patch15: backport-chgpasswd-fix-segfault-in-command-line-options.patch
Patch1: shadow-add-sm3-crypt-support.patch
Patch2: shadow-Remove-encrypted-passwd-for-useradd-gr.patch
BuildRequires: gcc, libselinux-devel, audit-libs-devel, libsemanage-devel
BuildRequires: libacl-devel, libattr-devel
@ -82,7 +69,9 @@ autoreconf -fiv
--with-selinux \
--without-libcrack \
--with-libpam \
--without-libbsd \
--enable-shared \
--enable-lastlog \
--with-group-name-max-length=32
%make_build
@ -199,6 +188,13 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.{la,a}
%{_mandir}/*/*
%changelog
* Thu Feb 1 2024 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 2:4.14.3-1
- update version to 4.14.3
-Avoid null pointer dereference
-Update utmp at an initial login
-Merge libshadow and libmisc into a single libshadow
-Adding the userdel and groupdel hooks to release tarball
* Wed Sep 20 2023 lvgenggeng <lvgenggeng@uniontech.com> - 2:4.13-7
- backport patches from upstream

26
usermod-unlock.patch
View File

@ -2,14 +2,13 @@ Index: shadow-4.5/src/usermod.c
===================================================================
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -466,14 +466,17 @@ static char *new_pw_passwd (char *pw_pass)
@@ -434,12 +434,17 @@ static char *new_pw_passwd (char *pw_pass)
strcat (buf, pw_pass);
pw_pass = buf;
} else if (Uflg && pw_pass[0] == '!') {
- char *s;
+ char *s = pw_pass;
- if (pw_pass[1] == '\0') {
+ char *s = pw_pass;
+
+ while ('!' == *s)
+ ++s;
+
@ -23,16 +22,9 @@ Index: shadow-4.5/src/usermod.c
}
#ifdef WITH_AUDIT
@@ -482,12 +485,15 @@ static char *new_pw_passwd (char *pw_pass)
user_newname, (unsigned int) user_newid, 0);
#endif
@@ -449,6 +454,13 @@ static char *new_pw_passwd (char *pw_pass)
SYSLOG ((LOG_INFO, "unlock user '%s' password", user_newname));
- s = pw_pass;
- while ('\0' != *s) {
- *s = *(s + 1);
- s++;
- }
+ memmove (pw_pass, s, strlen (s) + 1);
memmove(pw_pass, pw_pass + 1, strlen(pw_pass));
} else if (pflg) {
+ if (strchr (user_pass, ':') != NULL) {
+ fprintf (stderr,
@ -43,8 +35,8 @@ Index: shadow-4.5/src/usermod.c
+ }
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"changing password",
@@ -536,6 +542,8 @@ static void new_pwent (struct passwd *pwent)
"changing password", user_newname, user_newid, 1);
@@ -495,6 +507,8 @@ static void new_pwent (struct passwd *pwent)
if ( (!is_shadow_pwd)
|| (strcmp (pwent->pw_passwd, SHADOW_PASSWD_STRING) != 0)) {
pwent->pw_passwd = new_pw_passwd (pwent->pw_passwd);
@ -53,7 +45,7 @@ Index: shadow-4.5/src/usermod.c
}
if (uflg) {
@@ -650,6 +658,8 @@ static void new_spent (struct spwd *spent)
@@ -611,6 +625,8 @@ static void new_spent (struct spwd *spent)
* + aging has been requested
*/
spent->sp_pwdp = new_pw_passwd (spent->sp_pwdp);
@ -61,5 +53,5 @@ Index: shadow-4.5/src/usermod.c
+ fail_exit(E_PW_UPDATE);
if (pflg) {
spent->sp_lstchg = (long) gettime () / SCALE;
spent->sp_lstchg = gettime () / SCALE;