--- /dev/null
+From faa5a3a83ad0cb5e2c303edbfd8cd823c9d94c17 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Thu, 10 Feb 2022 12:03:17 +0100
+Subject: [PATCH] chsh, chfn: remove readline support [CVE-2022-0563]
+
+The readline library uses INPUTRC= environment variable to get a path
+to the library config file. When the library cannot parse the
+specified file, it prints an error message containing data from the
+file.
+
+Unfortunately, the library does not use secure_getenv() (or a similar
+concept) to avoid vulnerabilities that could occur if set-user-ID or
+set-group-ID programs.
+
+Reported-by: Rory Mackie <rory.mackie@trailofbits.com>
+Signed-off-by: Karel Zak <kzak@redhat.com>
+
+Upstream-status: Backport
+https://github.com/util-linux/util-linux/commit/faa5a3a83ad0cb5e2c303edbfd8cd823c9d94c17
+
+CVE: CVE-2022-0563
+
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+
+---
+ login-utils/Makemodule.am | 2 +-
+ login-utils/chfn.c | 16 +++------------
+ login-utils/chsh.c | 42 ++-------------------------------------
+ 3 files changed, 6 insertions(+), 54 deletions(-)
+
+diff --git a/login-utils/Makemodule.am b/login-utils/Makemodule.am
+index fac5bfc..73636af 100644
+--- a/login-utils/Makemodule.am
++++ b/login-utils/Makemodule.am
+@@ -82,7 +82,7 @@ chfn_chsh_sources = \
+ login-utils/ch-common.c
+ chfn_chsh_cflags = $(SUID_CFLAGS) $(AM_CFLAGS)
+ chfn_chsh_ldflags = $(SUID_LDFLAGS) $(AM_LDFLAGS)
+-chfn_chsh_ldadd = libcommon.la $(READLINE_LIBS)
++chfn_chsh_ldadd = libcommon.la
+
+ if CHFN_CHSH_PASSWORD
+ chfn_chsh_ldadd += -lpam
+diff --git a/login-utils/chfn.c b/login-utils/chfn.c
+index b739555..2f8e44a 100644
+--- a/login-utils/chfn.c
++++ b/login-utils/chfn.c
+@@ -56,11 +56,6 @@
+ # include "auth.h"
+ #endif
+
+-#ifdef HAVE_LIBREADLINE
+-# define _FUNCTION_DEF
+-# include <readline/readline.h>
+-#endif
+-
+ struct finfo {
+ char *full_name;
+ char *office;
+@@ -229,22 +224,17 @@ static char *ask_new_field(struct chfn_control *ctl, const char *question,
+ {
+ int len;
+ char *buf;
+-#ifndef HAVE_LIBREADLINE
+- size_t dummy = 0;
+-#endif
+
+ if (!def_val)
+ def_val = "";
++
+ while (true) {
+ printf("%s [%s]: ", question, def_val);
+ __fpurge(stdin);
+-#ifdef HAVE_LIBREADLINE
+- rl_bind_key('\t', rl_insert);
+- if ((buf = readline(NULL)) == NULL)
+-#else
++
+ if (getline(&buf, &dummy, stdin) < 0)
+-#endif
+ errx(EXIT_FAILURE, _("Aborted."));
++
+ /* remove white spaces from string end */
+ ltrim_whitespace((unsigned char *) buf);
+ len = rtrim_whitespace((unsigned char *) buf);
+diff --git a/login-utils/chsh.c b/login-utils/chsh.c
+index a9ebec8..ee6ff87 100644
+--- a/login-utils/chsh.c
++++ b/login-utils/chsh.c
+@@ -58,11 +58,6 @@
+ # include "auth.h"
+ #endif
+
+-#ifdef HAVE_LIBREADLINE
+-# define _FUNCTION_DEF
+-# include <readline/readline.h>
+-#endif
+-
+ struct sinfo {
+ char *username;
+ char *shell;
+@@ -121,33 +116,6 @@ static void print_shells(void)
+ endusershell();
+ }
+
+-#ifdef HAVE_LIBREADLINE
+-static char *shell_name_generator(const char *text, int state)
+-{
+- static size_t len;
+- char *s;
+-
+- if (!state) {
+- setusershell();
+- len = strlen(text);
+- }
+-
+- while ((s = getusershell())) {
+- if (strncmp(s, text, len) == 0)
+- return xstrdup(s);
+- }
+- return NULL;
+-}
+-
+-static char **shell_name_completion(const char *text,
+- int start __attribute__((__unused__)),
+- int end __attribute__((__unused__)))
+-{
+- rl_attempted_completion_over = 1;
+- return rl_completion_matches(text, shell_name_generator);
+-}
+-#endif
+-
+ /*
+ * parse_argv () --
+ * parse the command line arguments, and fill in "pinfo" with any
+@@ -198,20 +166,14 @@ static char *ask_new_shell(char *question, char *oldshell)
+ {
+ int len;
+ char *ans = NULL;
+-#ifdef HAVE_LIBREADLINE
+- rl_attempted_completion_function = shell_name_completion;
+-#else
+ size_t dummy = 0;
+-#endif
++
+ if (!oldshell)
+ oldshell = "";
+ printf("%s [%s]\n", question, oldshell);
+-#ifdef HAVE_LIBREADLINE
+- if ((ans = readline("> ")) == NULL)
+-#else
+ if (getline(&ans, &dummy, stdin) < 0)
+-#endif
+ return NULL;
++
+ /* remove the newline at the end of ans. */
+ ltrim_whitespace((unsigned char *) ans);
+ len = rtrim_whitespace((unsigned char *) ans);
+--
+2.25.1
+
projects / thirdparty / openembedded / openembedded-core-contrib.git / commitdiff
