diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2019-12-04 09:51:10 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2019-12-04 09:51:10 +0000 |
| commit | c42e2ddc5f86ed98cb3db51afbdb8e65a14954cb (patch) | |
| tree | 355331c25f2479f86d8d219659040a5d220424fe /usr.bin/su | |
| parent | 6ee6370dee8034e683958cc53531e348e14fc8ab (diff) | |
libc's authentication privsep layer performed insufficient username
validation. Repair work mostly by markus and millert, first of all
solving the primary problem, then adding some additional validation
points. And then futher validation in login and su.
This will be 6.5/021_libcauth.patch.sig and 6.6/010_libcauth.patch.sig
Reported by Qualys
Diffstat (limited to 'usr.bin/su')
| -rw-r--r-- | usr.bin/su/su.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c index 0b89b4821c2..728b3a8d34c 100644 --- a/usr.bin/su/su.c +++ b/usr.bin/su/su.c @@ -1,4 +1,4 @@ -/* $OpenBSD: su.c,v 1.77 2019/09/14 17:47:01 semarie Exp $ */ +/* $OpenBSD: su.c,v 1.78 2019/12/04 09:51:09 deraadt Exp $ */ /* * Copyright (c) 1988 The Regents of the University of California. @@ -149,11 +149,11 @@ main(int argc, char **argv) if (pwd == NULL) auth_errx(as, 1, "who are you?"); if ((username = strdup(pwd->pw_name)) == NULL) - auth_errx(as, 1, "can't allocate memory"); + auth_err(as, 1, NULL); if (asme && !altshell) { if (pwd->pw_shell && *pwd->pw_shell) { if ((shell = strdup(pwd->pw_shell)) == NULL) - auth_errx(as, 1, "can't allocate memory"); + auth_err(as, 1, NULL); } else { shell = _PATH_BSHELL; iscsh = NO; @@ -196,7 +196,7 @@ main(int argc, char **argv) auth_clean(as); if (auth_setitem(as, AUTHV_INTERACTIVE, "True") != 0 || auth_setitem(as, AUTHV_NAME, user) != 0) - auth_errx(as, 1, "can't allocate memory"); + auth_err(as, 1, NULL); if ((user = auth_getitem(as, AUTHV_NAME)) == NULL) auth_errx(as, 1, "internal error"); if (auth_setpwd(as, NULL) || (pwd = auth_getpwd(as)) == NULL) { @@ -225,6 +225,8 @@ main(int argc, char **argv) } fprintf(stderr, "Login incorrect\n"); } + if (pwd == NULL) + auth_errx(as, 1, "internal error"); if (pledge("stdio unveil rpath getpw exec id", NULL) == -1) err(1, "pledge"); @@ -236,7 +238,7 @@ main(int argc, char **argv) auth_errx(as, 1, "permission denied (shell)."); } else if (pwd->pw_shell && *pwd->pw_shell) { if ((shell = strdup(pwd->pw_shell)) == NULL) - auth_errx(as, 1, "can't allocate memory"); + auth_err(as, 1, NULL); iscsh = UNSET; } else { shell = _PATH_BSHELL; |