File shadow-CVE-2023-29383.patch of Package shadow

Overview Repositories Revisions Requests Users Attributes Meta

File shadow-CVE-2023-29383.patch of Package shadow

Index: shadow-4.8.1/lib/fields.c
===================================================================
--- shadow-4.8.1.orig/lib/fields.c
+++ shadow-4.8.1/lib/fields.c
@@ -44,9 +44,9 @@
  *
  * The supplied field is scanned for non-printable and other illegal
  * characters.
- *  + -1 is returned if an illegal character is present.
- *  +  1 is returned if no illegal characters are present, but the field
- *       contains a non-printable character.
+ *  + -1 is returned if an illegal or control character is present.
+ *  +  1 is returned if no illegal or control characters are present,
+ *       but the field contains a non-printable character.
  *  +  0 is returned otherwise.
  */
 int valid_field (const char *field, const char *illegal)
@@ -60,23 +60,22 @@ int valid_field (const char *field, cons
 
 	/* For each character of field, search if it appears in the list
 	 * of illegal characters. */
+	if (illegal && NULL != strpbrk (field, illegal)) {
+		return -1;
+	}
+
+	/* Search if there are non-printable or control characters */
 	for (cp = field; '\0' != *cp; cp++) {
-		if (strchr (illegal, *cp) != NULL) {
+		unsigned char c = *cp;
+		if (!isprint (c)) {
+			err = 1;
+		}
+		if (iscntrl (c)) {
 			err = -1;
 			break;
 		}
 	}
 
-	if (0 == err) {
-		/* Search if there are some non-printable characters */
-		for (cp = field; '\0' != *cp; cp++) {
-			if (!isprint (*cp)) {
-				err = 1;
-				break;
-			}
-		}
-	}
-
 	return err;
 }

Places

File shadow-CVE-2023-29383.patch of Package shadow

Places