During coverity scan, there are reported four issues
with unbounded source buffer for each usage of input arg
directly with syslog function.
Sample coverity test report for chsh.c file:
1. string_size_argv: argv contains strings with unknown size.
int main (int argc, char **argv)
[...]
4. var_assign_var: Assigning: user = argv[optind]. Both are now tainted.
user = argv[optind];
[...]
CID
5771784: (#1 of 1): Unbounded source buffer (STRING_SIZE)
15. string_size: Passing string user of unknown size to syslog.
SYSLOG ((LOG_INFO, "changed user '%s' shell to '%s'", user, loginsh));
Similar issue is reported three times more:
File: chfn.c, function: main, variable: user
File: passwd.c, function: main, variable: name
File: newgrp.c, function: main, variable: group
This commit is the first approach to fix the reported issues.
The proposed changes add conditions, which verify
the user and group names arguments, including their lengths.
This will not silence the coverity reports, but the change causes
that they are irrelevant and could be ignored.
#include "string/sprintf/snprintf.h"
#include "string/strcpy/strtcpy.h"
#include "string/strdup/xstrdup.h"
+#include "chkname.h"
/*
* name, or the name getlogin() returns.
*/
if (optind < argc) {
+ if (!is_valid_user_name (argv[optind])) {
+ fprintf (stderr, _("%s: Provided user name is not a valid name\n"), Prog);
+ fail_exit (E_NOPERM);
+ }
user = argv[optind];
pw = xgetpwnam (user);
if (NULL == pw) {
#include "shadowlog.h"
#include "string/strcpy/strtcpy.h"
#include "string/strdup/xstrdup.h"
+#include "chkname.h"
+
#ifndef SHELLS_FILE
#define SHELLS_FILE "/etc/shells"
* name, or the name getlogin() returns.
*/
if (optind < argc) {
+ if (!is_valid_user_name (argv[optind])) {
+ fprintf (stderr, _("%s: Provided user name is not a valid name\n"), Prog);
+ fail_exit (1);
+ }
user = argv[optind];
pw = xgetpwnam (user);
if (NULL == pw) {
#include "shadowlog.h"
#include "string/sprintf/snprintf.h"
#include "string/strdup/xstrdup.h"
+#include "chkname.h"
/*
* not "newgrp".
*/
if ((argc > 0) && (argv[0][0] != '-')) {
+ if (!is_valid_group_name (argv[0])) {
+ fprintf (
+ stderr, _("%s: provided group is not a valid group name\n"),
+ Prog);
+ goto failure;
+ }
group = argv[0];
argc--;
argv++;
usage ();
goto failure;
} else if (argv[0] != NULL) {
+ if (!is_valid_group_name (argv[0])) {
+ fprintf (
+ stderr, _("%s: provided group is not a valid group name\n"),
+ Prog);
+ goto failure;
+ }
group = argv[0];
} else {
/*
#include "string/strcpy/strtcpy.h"
#include "string/strdup/xstrdup.h"
#include "time/day_to_str.h"
+#include "chkname.h"
/*
}
myname = xstrdup (pw->pw_name);
if (optind < argc) {
+ if (!is_valid_user_name (argv[optind])) {
+ fprintf (stderr, _("%s: Provided user name is not a valid name\n"), Prog);
+ fail_exit (E_NOPERM);
+ }
name = argv[optind];
} else {
name = myname;
projects / thirdparty / shadow.git / commitdiff
