Andrew Geissler | 1e488cd | 2023-10-03 09:44:52 -0500 | [diff] [blame] | 1 | From 9122999252c7e21eb7774de11d539748e7bdf46d Mon Sep 17 00:00:00 2001 |
| 2 | From: Simon Josefsson <simon@josefsson.org> |
| 3 | Date: Tue, 29 Aug 2023 06:42:11 +0000 |
| 4 | Subject: [PATCH] CVE-2023-40303: Indent changes in previous commit. |
| 5 | |
| 6 | CVE: CVE-2023-40303 |
| 7 | |
| 8 | Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=9122999252c7e21eb7774de11d539748e7bdf46d] |
| 9 | |
| 10 | Signed-off-by: Yogita Urade <yogita.urade@windriver.com> |
| 11 | --- |
| 12 | src/rcp.c | 42 ++++++++++++++++++++++++------------------ |
| 13 | src/rlogin.c | 12 ++++++------ |
| 14 | src/rsh.c | 26 +++++++++++++------------- |
| 15 | src/rshd.c | 24 ++++++++++++------------ |
| 16 | src/uucpd.c | 16 ++++++++-------- |
| 17 | 5 files changed, 63 insertions(+), 57 deletions(-) |
| 18 | |
| 19 | diff --git a/src/rcp.c b/src/rcp.c |
| 20 | index 7018e35..e504f8a 100644 |
| 21 | --- a/src/rcp.c |
| 22 | +++ b/src/rcp.c |
| 23 | @@ -347,9 +347,10 @@ main (int argc, char *argv[]) |
| 24 | response (); |
| 25 | |
| 26 | if (setuid (userid) == -1) |
| 27 | - { |
| 28 | - error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); |
| 29 | - } |
| 30 | + { |
| 31 | + error (EXIT_FAILURE, 0, |
| 32 | + "Could not drop privileges (setuid() failed)"); |
| 33 | + } |
| 34 | |
| 35 | source (argc, argv); |
| 36 | exit (errs); |
| 37 | @@ -358,9 +359,10 @@ main (int argc, char *argv[]) |
| 38 | if (to_option) |
| 39 | { /* Receive data. */ |
| 40 | if (setuid (userid) == -1) |
| 41 | - { |
| 42 | - error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); |
| 43 | - } |
| 44 | + { |
| 45 | + error (EXIT_FAILURE, 0, |
| 46 | + "Could not drop privileges (setuid() failed)"); |
| 47 | + } |
| 48 | |
| 49 | sink (argc, argv); |
| 50 | exit (errs); |
| 51 | @@ -548,9 +550,10 @@ toremote (char *targ, int argc, char *argv[]) |
| 52 | free (bp); |
| 53 | |
| 54 | if (setuid (userid) == -1) |
| 55 | - { |
| 56 | - error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); |
| 57 | - } |
| 58 | + { |
| 59 | + error (EXIT_FAILURE, 0, |
| 60 | + "Could not drop privileges (setuid() failed)"); |
| 61 | + } |
| 62 | } |
| 63 | source (1, argv + i); |
| 64 | close (rem); |
| 65 | @@ -645,9 +648,10 @@ tolocal (int argc, char *argv[]) |
| 66 | } |
| 67 | |
| 68 | if (seteuid (userid) == -1) |
| 69 | - { |
| 70 | - error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); |
| 71 | - } |
| 72 | + { |
| 73 | + error (EXIT_FAILURE, 0, |
| 74 | + "Could not drop privileges (seteuid() failed)"); |
| 75 | + } |
| 76 | |
| 77 | #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT |
| 78 | sslen = sizeof (ss); |
| 79 | @@ -663,9 +667,10 @@ tolocal (int argc, char *argv[]) |
| 80 | sink (1, vect); |
| 81 | |
| 82 | if (seteuid (effuid) == -1) |
| 83 | - { |
| 84 | - error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); |
| 85 | - } |
| 86 | + { |
| 87 | + error (EXIT_FAILURE, 0, |
| 88 | + "Could not drop privileges (seteuid() failed)"); |
| 89 | + } |
| 90 | |
| 91 | close (rem); |
| 92 | rem = -1; |
| 93 | @@ -1465,9 +1470,10 @@ susystem (char *s, int userid) |
| 94 | |
| 95 | case 0: |
| 96 | if (setuid (userid) == -1) |
| 97 | - { |
| 98 | - error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); |
| 99 | - } |
| 100 | + { |
| 101 | + error (EXIT_FAILURE, 0, |
| 102 | + "Could not drop privileges (setuid() failed)"); |
| 103 | + } |
| 104 | |
| 105 | execl (PATH_BSHELL, "sh", "-c", s, NULL); |
| 106 | _exit (127); |
| 107 | diff --git a/src/rlogin.c b/src/rlogin.c |
| 108 | index 9bf9645..a0c1237 100644 |
| 109 | --- a/src/rlogin.c |
| 110 | +++ b/src/rlogin.c |
| 111 | @@ -648,14 +648,14 @@ try_connect: |
| 112 | to get the privileged port that rcmd () uses. We now want, however, |
| 113 | to run as the real user who invoked us. */ |
| 114 | if (seteuid (uid) == -1) |
| 115 | - { |
| 116 | - error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); |
| 117 | - } |
| 118 | + { |
| 119 | + error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); |
| 120 | + } |
| 121 | |
| 122 | if (setuid (uid) == -1) |
| 123 | - { |
| 124 | - error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); |
| 125 | - } |
| 126 | + { |
| 127 | + error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); |
| 128 | + } |
| 129 | |
| 130 | doit (&osmask); /* The old mask will activate SIGURG and SIGUSR1! */ |
| 131 | |
| 132 | diff --git a/src/rsh.c b/src/rsh.c |
| 133 | index 7b9cf22..c8f50d3 100644 |
| 134 | --- a/src/rsh.c |
| 135 | +++ b/src/rsh.c |
| 136 | @@ -278,14 +278,14 @@ main (int argc, char **argv) |
| 137 | *argv = (char *) "rlogin"; |
| 138 | |
| 139 | if (seteuid (getuid ()) == -1) |
| 140 | - { |
| 141 | - error (EXIT_FAILURE, errno, "seteuid() failed"); |
| 142 | - } |
| 143 | - |
| 144 | + { |
| 145 | + error (EXIT_FAILURE, errno, "seteuid() failed"); |
| 146 | + } |
| 147 | + |
| 148 | if (setuid (getuid ()) == -1) |
| 149 | - { |
| 150 | - error (EXIT_FAILURE, errno, "setuid() failed"); |
| 151 | - } |
| 152 | + { |
| 153 | + error (EXIT_FAILURE, errno, "setuid() failed"); |
| 154 | + } |
| 155 | |
| 156 | execv (PATH_RLOGIN, argv); |
| 157 | error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN); |
| 158 | @@ -551,14 +551,14 @@ try_connect: |
| 159 | } |
| 160 | |
| 161 | if (seteuid (uid) == -1) |
| 162 | - { |
| 163 | - error (EXIT_FAILURE, errno, "seteuid() failed"); |
| 164 | - } |
| 165 | + { |
| 166 | + error (EXIT_FAILURE, errno, "seteuid() failed"); |
| 167 | + } |
| 168 | |
| 169 | if (setuid (uid) == -1) |
| 170 | - { |
| 171 | - error (EXIT_FAILURE, errno, "setuid() failed"); |
| 172 | - } |
| 173 | + { |
| 174 | + error (EXIT_FAILURE, errno, "setuid() failed"); |
| 175 | + } |
| 176 | |
| 177 | #ifdef HAVE_SIGACTION |
| 178 | sigemptyset (&sigs); |
| 179 | diff --git a/src/rshd.c b/src/rshd.c |
| 180 | index 707790e..df43edf 100644 |
| 181 | --- a/src/rshd.c |
| 182 | +++ b/src/rshd.c |
| 183 | @@ -1848,16 +1848,16 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen) |
| 184 | |
| 185 | /* Set the gid, then uid to become the user specified by "locuser" */ |
| 186 | if (setegid ((gid_t) pwd->pw_gid) == -1) |
| 187 | - { |
| 188 | - rshd_error ("Cannot drop privileges (setegid() failed)\n"); |
| 189 | - exit (EXIT_FAILURE); |
| 190 | - } |
| 191 | + { |
| 192 | + rshd_error ("Cannot drop privileges (setegid() failed)\n"); |
| 193 | + exit (EXIT_FAILURE); |
| 194 | + } |
| 195 | |
| 196 | if (setgid ((gid_t) pwd->pw_gid) == -1) |
| 197 | - { |
| 198 | - rshd_error ("Cannot drop privileges (setgid() failed)\n"); |
| 199 | - exit (EXIT_FAILURE); |
| 200 | - } |
| 201 | + { |
| 202 | + rshd_error ("Cannot drop privileges (setgid() failed)\n"); |
| 203 | + exit (EXIT_FAILURE); |
| 204 | + } |
| 205 | |
| 206 | #ifdef HAVE_INITGROUPS |
| 207 | initgroups (pwd->pw_name, pwd->pw_gid); /* BSD groups */ |
| 208 | @@ -1881,10 +1881,10 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen) |
| 209 | #endif /* WITH_PAM */ |
| 210 | |
| 211 | if (setuid ((uid_t) pwd->pw_uid) == -1) |
| 212 | - { |
| 213 | - rshd_error ("Cannot drop privileges (setuid() failed)\n"); |
| 214 | - exit (EXIT_FAILURE); |
| 215 | - } |
| 216 | + { |
| 217 | + rshd_error ("Cannot drop privileges (setuid() failed)\n"); |
| 218 | + exit (EXIT_FAILURE); |
| 219 | + } |
| 220 | |
| 221 | /* We'll execute the client's command in the home directory |
| 222 | * of locuser. Note, that the chdir must be executed after |
| 223 | diff --git a/src/uucpd.c b/src/uucpd.c |
| 224 | index 29cfce3..afe24f3 100644 |
| 225 | --- a/src/uucpd.c |
| 226 | +++ b/src/uucpd.c |
| 227 | @@ -254,10 +254,10 @@ doit (struct sockaddr *sap, socklen_t salen) |
| 228 | dologin (pw, sap, salen); |
| 229 | |
| 230 | if (setgid (pw->pw_gid) == -1) |
| 231 | - { |
| 232 | - fprintf (stderr, "setgid() failed"); |
| 233 | - return; |
| 234 | - } |
| 235 | + { |
| 236 | + fprintf (stderr, "setgid() failed"); |
| 237 | + return; |
| 238 | + } |
| 239 | #ifdef HAVE_INITGROUPS |
| 240 | initgroups (pw->pw_name, pw->pw_gid); |
| 241 | #endif |
| 242 | @@ -268,10 +268,10 @@ doit (struct sockaddr *sap, socklen_t salen) |
| 243 | } |
| 244 | |
| 245 | if (setuid (pw->pw_uid) == -1) |
| 246 | - { |
| 247 | - fprintf (stderr, "setuid() failed"); |
| 248 | - return; |
| 249 | - } |
| 250 | + { |
| 251 | + fprintf (stderr, "setuid() failed"); |
| 252 | + return; |
| 253 | + } |
| 254 | |
| 255 | execl (uucico_location, "uucico", NULL); |
| 256 | perror ("uucico server: execl"); |
| 257 | -- |
| 258 | 2.40.0 |