poky/meta/recipes-extended/shadow/files/CVE-2023-29383.patch

From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 2001
From: tomspiderlabs <128755403+tomspiderlabs@users.noreply.github.com>
Date: Thu, 23 Mar 2023 23:39:38 +0000
Subject: [PATCH] Added control character check

Added control character check, returning -1 (to "err") if control characters are present.

CVE: CVE-2023-29383
Upstream-Status: Backport

Reference to upstream:
https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d

Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
---
 lib/fields.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/lib/fields.c b/lib/fields.c
index 640be931..fb51b582 100644
--- a/lib/fields.c
+++ b/lib/fields.c
@@ -21,9 +21,9 @@
  *
  * The supplied field is scanned for non-printable and other illegal
  * characters.
- *  + -1 is returned if an illegal character is present.
- *  +  1 is returned if no illegal characters are present, but the field
- *       contains a non-printable character.
+ *  + -1 is returned if an illegal or control character is present.
+ *  +  1 is returned if no illegal or control characters are present,
+ *       but the field contains a non-printable character.
  *  +  0 is returned otherwise.
  */
 int valid_field (const char *field, const char *illegal)
@@ -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal)
 	}
 
 	if (0 == err) {
-		/* Search if there are some non-printable characters */
+		/* Search if there are non-printable or control characters */
 		for (cp = field; '\0' != *cp; cp++) {
 			if (!isprint (*cp)) {
 				err = 1;
+			}
+			if (!iscntrl (*cp)) {
+				err = -1;
 				break;
 			}
 		}
-- 
2.34.1