From: Serge Hallyn Date: Wed, 2 Jun 2021 03:11:37 +0000 (-0500) Subject: usermod, newusers, prefix: enforce absolute paths for homedir X-Git-Tag: v4.9~15^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F352%2Fhead;p=thirdparty%2Fshadow.git usermod, newusers, prefix: enforce absolute paths for homedir useradd already was enforcing this, but these were not. Signed-off-by: Serge Hallyn --- diff --git a/libmisc/prefix_flag.c b/libmisc/prefix_flag.c index 6eb71a727..2e455c406 100644 --- a/libmisc/prefix_flag.c +++ b/libmisc/prefix_flag.c @@ -109,6 +109,12 @@ extern const char* process_prefix_flag (const char* short_opt, int argc, char ** return ""; /* if prefix is "/" then we ignore the flag option */ /* should we prevent symbolic link from being used as a prefix? */ + if ( prefix[0] != '/') { + fprintf (shadow_logfd, + _("%s: prefix must be an absolute path\n"), + Prog); + exit (E_BAD_ARG); + } size_t len; len = strlen(prefix) + strlen(PASSWD_FILE) + 2; passwd_db_file = xmalloc(len); diff --git a/src/newusers.c b/src/newusers.c index 90d0a015f..16bf7229c 100644 --- a/src/newusers.c +++ b/src/newusers.c @@ -1250,6 +1250,13 @@ int main (int argc, char **argv) /* FIXME: should check for directory */ mode_t mode = getdef_num ("HOME_MODE", 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); + if (newpw.pw_dir[0] != '/') { + fprintf(stderr, + _("%s: line %d: homedir must be an absolute path\n"), + Prog, line); + errors++; + continue; + }; if (mkdir (newpw.pw_dir, mode) != 0) { fprintf (stderr, _("%s: line %d: mkdir %s failed: %s\n"), diff --git a/src/usermod.c b/src/usermod.c index 69afeda04..7870ba575 100644 --- a/src/usermod.c +++ b/src/usermod.c @@ -1110,6 +1110,12 @@ static void process_flags (int argc, char **argv) } dflg = true; user_newhome = optarg; + if (user_newhome[0] != '/') { + fprintf (stderr, + _("%s: homedir must be an absolute path\n"), + Prog); + exit (E_BAD_ARG); + } break; case 'e': if ('\0' != *optarg) {