| From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 2001 |
| From: tomspiderlabs <128755403+tomspiderlabs@users.noreply.github.com> |
| Date: Thu, 23 Mar 2023 23:39:38 +0000 |
| Subject: [PATCH] Added control character check |
| |
| Added control character check, returning -1 (to "err") if control characters are present. |
| |
| CVE: CVE-2023-29383 |
| Upstream-Status: Backport |
| |
| Reference to upstream: |
| https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d |
| |
| Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> |
| --- |
| lib/fields.c | 11 +++++++---- |
| 1 file changed, 7 insertions(+), 4 deletions(-) |
| |
| diff --git a/lib/fields.c b/lib/fields.c |
| index 640be931..fb51b582 100644 |
| --- a/lib/fields.c |
| +++ b/lib/fields.c |
| @@ -21,9 +21,9 @@ |
| * |
| * The supplied field is scanned for non-printable and other illegal |
| * characters. |
| - * + -1 is returned if an illegal character is present. |
| - * + 1 is returned if no illegal characters are present, but the field |
| - * contains a non-printable character. |
| + * + -1 is returned if an illegal or control character is present. |
| + * + 1 is returned if no illegal or control characters are present, |
| + * but the field contains a non-printable character. |
| * + 0 is returned otherwise. |
| */ |
| int valid_field (const char *field, const char *illegal) |
| @@ -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal) |
| } |
| |
| if (0 == err) { |
| - /* Search if there are some non-printable characters */ |
| + /* Search if there are non-printable or control characters */ |
| for (cp = field; '\0' != *cp; cp++) { |
| if (!isprint (*cp)) { |
| err = 1; |
| + } |
| + if (!iscntrl (*cp)) { |
| + err = -1; |
| break; |
| } |
| } |
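Review bot: The added test `if (!iscntrl (*cp))` is inverted, so the loop sets `err = -1` and breaks on the first character that is not a control character, while an actual control character only reaches `err = 1` through the `!isprint` branch above it. As written, the new side rejects ordinary printable fields and still does not return -1 for the control characters that the updated header comment in the first hunk says are refused. The condition should read `if (iscntrl ((unsigned char) *cp)) {`, keeping `err = -1;` and `break;` inside it. The same `(unsigned char)` cast is worth adding to the `isprint (*cp)` call, since passing a negative plain `char` to a `<ctype.h>` function is undefined behaviour. valid_field's body starts and ends outside this hunk, so the final return path should be checked against the three documented return values.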
| -- |
| 2.34.1 |
| |