commit: 285c64f0fdcb2f69022291aceb74b5ea9b822725
parent 7ea8455aaa574504026dc6d1dcea50fc29a9f6d3
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Sun, 10 Sep 2023 15:50:33 +0200
su: Fail if pwent is NULL, drop reading $SHELL
Diffstat:
M | su.c | 77 | +++++++++++++++++++++++++++++++++++++++-------------------------------------- |
1 file changed, 39 insertions(+), 38 deletions(-)
diff --git a/su.c b/su.c
@@ -116,17 +116,38 @@ main(int argc, char *argv[])
errno = 0;
pwent = getpwnam(username);
- if(errno != 0)
+ if(pwent == NULL)
{
- perror("su: getpwnam");
+ if(errno != 0)
+ {
+ perror("su: getpwnam");
+ }
+ else
+ {
+ fprintf(stderr, "su: getpwnam: No entry found for user %s\n", username);
+ }
+
return 1;
}
+ if(shell == NULL)
+ {
+ if(pwent->pw_shell)
+ {
+ shell = pwent->pw_shell;
+ }
+ else
+ {
+ fprintf(stderr, "su: No shell entry for user %s\n", username);
+ }
+ }
+
fprintf(stderr, "su: Authenticating as %s\n", username);
+
if(getuid() != 0)
{
char *pw_hash = NULL;
- if(pwent && pwent->pw_passwd)
+ if(pwent->pw_passwd)
{
pw_hash = pwent->pw_passwd;
}
@@ -141,8 +162,7 @@ main(int argc, char *argv[])
}
else
{
-
- if(pw_hash && strcmp(pw_hash, "x") == 0)
+ if(pw_hash && pw_hash[0] == 'x' && pw_hash[1] == 0)
{
pw_hash = swent->sp_pwdp;
}
@@ -183,47 +203,28 @@ main(int argc, char *argv[])
}
}
- if(pwent != NULL)
+ if(setgid(pwent->pw_gid) < 0)
{
- if(setgid(pwent->pw_gid) < 0)
- {
- perror("su: setgid");
- }
- if(setuid(pwent->pw_uid) < 0)
- {
- perror("su: setuid");
- }
-
- if(pwent->pw_shell != NULL)
- {
- shell = pwent->pw_shell;
- }
-
- if(pwent->pw_dir != NULL)
- {
- setenv("HOME", pwent->pw_dir, 1);
-
- if(opt_l)
- {
- if(chdir(pwent->pw_dir) != 0) perror("su: chdir");
- }
- }
-
- explicit_bzero(pwent, sizeof(pwent));
- pwent = NULL;
+ perror("su: setgid");
}
-
- if(shell == NULL)
+ if(setuid(pwent->pw_uid) < 0)
{
- /* flawfinder: CWE-807, CWE-20 */
- shell = getenv("SHELL");
+ perror("su: setuid");
}
- if(shell == NULL)
+ if(pwent->pw_dir != NULL)
{
- shell = "/bin/sh";
+ setenv("HOME", pwent->pw_dir, 1);
+
+ if(opt_l)
+ {
+ if(chdir(pwent->pw_dir) != 0) perror("su: chdir");
+ }
}
+ explicit_bzero(pwent, sizeof(pwent));
+ pwent = NULL;
+
setenv("USER", username, 1);
setenv("LOGNAME", username, 1);
setenv("SHELL", shell, 1);