Browse Source

Pull in patch from current:

Errata:
A format string vulnerability exists in the pw_error(3) function. This
manifests itself as a security hole in the chpass utility.
Fix:
warnx?/errx? paranoia (use "%s" not a bare string unless it is a
constant).  These are not security holes but it is worth fixing
them anyway both for robustness and so folks looking for examples
in the tree are not misled into doing something potentially dangerous.
Furthermore, it is a bad idea to assume that pathnames will not
include '%' in them and that error routines don't return strings
with '%' in them (especially in light of the possibility of locales).
OPENBSD_2_7
jason 24 years ago
parent
commit
c143b05067
1 changed files with 3 additions and 3 deletions
  1. +3
    -3
      src/lib/libutil/passwd.c

+ 3
- 3
src/lib/libutil/passwd.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: passwd.c,v 1.20 1998/11/16 07:10:32 deraadt Exp $ */
/* $OpenBSD: passwd.c,v 1.20.6.1 2000/10/04 00:44:22 jason Exp $ */
/* /*
* Copyright (c) 1987, 1993, 1994, 1995 * Copyright (c) 1987, 1993, 1994, 1995
@ -34,7 +34,7 @@
*/ */
#if defined(LIBC_SCCS) && !defined(lint) #if defined(LIBC_SCCS) && !defined(lint)
static char rcsid[] = "$OpenBSD: passwd.c,v 1.20 1998/11/16 07:10:32 deraadt Exp $";
static char rcsid[] = "$OpenBSD: passwd.c,v 1.20.6.1 2000/10/04 00:44:22 jason Exp $";
#endif /* LIBC_SCCS and not lint */ #endif /* LIBC_SCCS and not lint */
#include <sys/types.h> #include <sys/types.h>
@ -579,7 +579,7 @@ pw_error(name, err, eval)
char *master = pw_file(_PATH_MASTERPASSWD); char *master = pw_file(_PATH_MASTERPASSWD);
if (err) if (err)
warn(name);
warn("%s", name);
if (master) if (master)
warnx("%s: unchanged", master); warnx("%s: unchanged", master);
pw_abort(); pw_abort();


Loading…
Cancel
Save