From: Kruti Pendharkar Date: Tue, 3 Jun 2025 06:30:25 +0000 (-0700) Subject: Check if the user name contains any illegal characters. X-Git-Tag: stable-13.1.0~174 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=19eff329af59cc368edbc9bb5587319fd32d7bb2;p=thirdparty%2Fopen-vm-tools.git Check if the user name contains any illegal characters. Verify that the user name whose store will be used to remove and query aliases does not contain any illegal and path traversal characters (backward and forward slashes). --- diff --git a/open-vm-tools/vgauth/common/usercheck.c b/open-vm-tools/vgauth/common/usercheck.c index 3beede2e8..2b4e424da 100644 --- a/open-vm-tools/vgauth/common/usercheck.c +++ b/open-vm-tools/vgauth/common/usercheck.c @@ -1,5 +1,6 @@ /********************************************************* - * Copyright (C) 2011-2016,2019,2023 VMware, Inc. All rights reserved. + * Copyright (c) 2011-2025 Broadcom. All Rights Reserved. + * The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as published @@ -78,6 +79,8 @@ * Solaris as well, but that path is untested. */ +#define MAX_USER_NAME_LEN 256 + /* * A single retry works for the LDAP case, but try more often in case NIS * or something else has a related issue. Note that a bad username/uid won't @@ -354,12 +357,29 @@ Usercheck_UsernameIsLegal(const gchar *userName) * restricted list for local usernames. */ size_t len; - char *illegalChars = "<>/"; + size_t i = 0; + int backSlashCnt = 0; + /* + * As user names are used to generate its alias store file name/path, it + * should not contain path traversal characters ('/' and '\'). + */ + char *illegalChars = "<>/\\"; len = strlen(userName); - if (strcspn(userName, illegalChars) != len) { + if (len > MAX_USER_NAME_LEN) { return FALSE; } + + while ((i += strcspn(userName + i, illegalChars)) < len) { + /* + * One backward slash is allowed for domain\username separator. + */ + if (userName[i] != '\\' || ++backSlashCnt > 1) { + return FALSE; + } + ++i; + } + return TRUE; } diff --git a/open-vm-tools/vgauth/serviceImpl/alias.c b/open-vm-tools/vgauth/serviceImpl/alias.c index 4e170202c..2a371f9ef 100644 --- a/open-vm-tools/vgauth/serviceImpl/alias.c +++ b/open-vm-tools/vgauth/serviceImpl/alias.c @@ -1,5 +1,6 @@ /********************************************************* - * Copyright (c) 2011-2021, 2023 VMware, Inc. All rights reserved. + * Copyright (c) 2011-2025 Broadcom. All Rights Reserved. + * The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as published @@ -2803,8 +2804,13 @@ ServiceAliasRemoveAlias(const gchar *reqUserName, /* * We don't verify the user exists in a Remove operation, to allow - * cleanup of deleted user's stores. + * cleanup of deleted user's stores, but we do check whether the + * user name is legal or not. */ + if (!Usercheck_UsernameIsLegal(userName)) { + Warning("%s: Illegal user name '%s'\n", __FUNCTION__, userName); + return VGAUTH_E_FAIL; + } if (!CertVerify_IsWellFormedPEMCert(pemCert)) { return VGAUTH_E_INVALID_CERTIFICATE; @@ -3036,6 +3042,16 @@ ServiceAliasQueryAliases(const gchar *userName, } #endif + /* + * We don't verify the user exists in a Query operation to allow + * cleaning up after a deleted user, but we do check whether the + * user name is legal or not. + */ + if (!Usercheck_UsernameIsLegal(userName)) { + Warning("%s: Illegal user name '%s'\n", __FUNCTION__, userName); + return VGAUTH_E_FAIL; + } + err = AliasLoadAliases(userName, num, aList); if (VGAUTH_E_OK != err) { Warning("%s: failed to load Aliases for '%s'\n", __FUNCTION__, userName);