src/vipw.c: Use string literals to initialize 'Prog'

This avoids using argv[0], which is controlled by the user,
and might inject arbitrary text in stderr and the logs.

Link: <https://github.com/shadow-maint/shadow/issues/959>
Link: <https://github.com/shadow-maint/shadow/pull/960>
Cc: "Skyler Ferrante (RIT Student)" <sjf5462@rit.edu>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Karel Zak <kzak@redhat.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Christian Brauner <christian@brauner.io>
Cherry-picked-from: 89c4da43cbe8 ("src/vipw.c: Use string literals to initialize 'Prog'")
Link: <https://github.com/shadow-maint/shadow/pull/962>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

diff --git a/src/vipw.c b/src/vipw.c
index 70dce7aee200edbab22ef3d94c3608629f7632bd..35f3b6bd1059293ff62e96584e20add8c5a0a6f7 100644 (file)
--- a/src/vipw.c
+++ b/src/vipw.c
@@ -52,7 +52,7 @@
 /*
  * Global variables
  */
-const char *Prog;
+static const char *Prog;
 
 static const char *filename, *fileeditname;
 static bool filelocked = false;
@@ -472,7 +472,9 @@ int main (int argc, char **argv)
        bool  editshadow = false;
        bool  do_vigr;
 
-       Prog = Basename (argv[0]);
+       do_vigr = (strcmp(Basename(argv[0]), "vigr") == 0);
+
+       Prog = do_vigr ? "vigr" : "vipw";
        log_set_progname(Prog);
        log_set_logfd(stderr);
 
@@ -482,9 +484,7 @@ int main (int argc, char **argv)
 
        process_root_flag ("-R", argc, argv);
 
-       do_vigr = (strcmp(Prog, "vigr") == 0);
-
-       OPENLOG(do_vigr ? "vigr" : "vipw");
+       OPENLOG(Prog);
 
        {
                /*