Bug 119943 - CAN-2004-0233: Utempter accepts bad devices
CAN-2004-0233: Utempter accepts bad devices
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: utempter (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Mike A. Harris
David Lawrence
: Security
Depends On:
Blocks: FC2Blocker
  Show dependency treegraph
 
Reported: 2004-04-03 16:12 EST by Steve Grubb
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-04-23 01:28:34 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Steve Grubb 2004-04-03 16:12:33 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.4.2)
Gecko/20040308

Description of problem:
I was doing a code audit of the latest version of utempter and I
have spotted a bug. In utempter.c around line 27 is:

    if (strstr(device, "/../") || strstr(device, "/./") ||
        strstr(device, "//")) {
        fprintf(stderr, "a simple path is required\n");
    }
                                                                 
              
I think an exit was omitted. I think it should have been:

    if (strstr(device, "/../") || strstr(device, "/./") ||
        strstr(device, "//")) {
        fprintf(stderr, "a simple path is required\n");
        exit(1);
    }


Version-Release number of selected component (if applicable):
utempter-0.5.4-1

How reproducible:
Always

Steps to Reproduce:
Problem was found in code review.

Additional info:

There are programs that trust the data in the utmp file to be
validated. The utempter program is potentially accepting tty devices
from outside the /dev directory. This is an extremely simple no
brainer to fix.

Please make the above patch before releasing fedora core 2 final.
Comment 1 Mike A. Harris 2004-04-23 01:28:34 EDT
Thanks for reporting Steve.  We have released erratum for Fedora
Core 1 for this issue, and erratum is in QA testing for all other
OS releases.  Updated package also in Fedora devel.

utempter-0.5.5


Note You need to log in before you can comment on or make changes to this bug.