Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 119943

Summary: CAN-2004-0233: Utempter accepts bad devices
Product: [Fedora] Fedora Reporter: Steve Grubb <linux_4ever>
Component: utempterAssignee: Mike A. Harris <mharris>
Status: CLOSED ERRATA QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: mjc
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-04-23 05:28:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 114961    

Description Steve Grubb 2004-04-03 21:12:33 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.4.2)
Gecko/20040308

Description of problem:
I was doing a code audit of the latest version of utempter and I
have spotted a bug. In utempter.c around line 27 is:

    if (strstr(device, "/../") || strstr(device, "/./") ||
        strstr(device, "//")) {
        fprintf(stderr, "a simple path is required\n");
    }
                                                                 
              
I think an exit was omitted. I think it should have been:

    if (strstr(device, "/../") || strstr(device, "/./") ||
        strstr(device, "//")) {
        fprintf(stderr, "a simple path is required\n");
        exit(1);
    }


Version-Release number of selected component (if applicable):
utempter-0.5.4-1

How reproducible:
Always

Steps to Reproduce:
Problem was found in code review.

Additional info:

There are programs that trust the data in the utmp file to be
validated. The utempter program is potentially accepting tty devices
from outside the /dev directory. This is an extremely simple no
brainer to fix.

Please make the above patch before releasing fedora core 2 final.
Comment 1 Mike A. Harris 2004-04-23 05:28:34 UTC 
Thanks for reporting Steve.  We have released erratum for Fedora
Core 1 for this issue, and erratum is in QA testing for all other
OS releases.  Updated package also in Fedora devel.

utempter-0.5.5