author | Sören Tempel <soeren+git@soeren-tempel.net> | 2019-01-12 00:13:49 +0100 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2019-01-12 11:44:45 +0000 |
commit | 4a3258e65e2f2e79256cc2736ebaf5480dd69b58 (patch) | |
tree | bd26a628b035d73d23df3aa45bd0de046269f91a /main | |
parent | 96a4b82036347b0908f035b682035adc6a6cdedc (diff) | |
download | aports-4a3258e65e2f2e79256cc2736ebaf5480dd69b58.tar.bz2 aports-4a3258e65e2f2e79256cc2736ebaf5480dd69b58.tar.xz |
main/busybox: fix creation of invalid shell entry by adduser
Diffstat (limited to 'main')
-rw-r--r-- | main/busybox/0001-adduser-prevent-creation-from-invalid-entry-without-.patch | 33 | ||||
-rw-r--r-- | main/busybox/APKBUILD | 4 |
2 files changed, 36 insertions, 1 deletions
diff --git a/main/busybox/0001-adduser-prevent-creation-from-invalid-entry-without-.patch b/main/busybox/0001-adduser-prevent-creation-from-invalid-entry-without-.patch
new file mode 100644
index 0000000000..0bca3b7b51
--- /dev/null
+++ b/main/busybox/0001-adduser-prevent-creation-from-invalid-entry-without-.patch
@@ -0,0 +1,33 @@
+From 8f0f1d6c9315d10dacdb26ff6cc9059a7a565eb3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net>
+Date: Sat, 12 Jan 2019 00:01:34 +0100
+Subject: [PATCH] adduser: prevent creation from invalid entry without -s
+
+If -s is not specified adduser uses get_shell_name() to determine the
+shell it should use for the newly created user. If SHELL is not set this
+function uses getpwnam(3) to determine the shell of the current user and
+returns that.
+
+getpwnam(3) uses static storage and is called again in passwd_study()
+overwriting the memory location get_shell_name() returned a pointer to.
+Thereby potentially creating an entry with an invalid shell.
+
+To fix this xstrdup() the return value of get_shell_name(). This
+approach is also used by crond, ifupdown and svlogd.
+---
+ loginutils/adduser.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/loginutils/adduser.c b/loginutils/adduser.c
+index b2b5be5b3..7e5a85c33 100644
+--- a/loginutils/adduser.c
++++ b/loginutils/adduser.c
+@@ -198,7 +198,7 @@ int adduser_main(int argc UNUSED_PARAM, char **argv)
+
+ pw.pw_gecos = (char *)"Linux User,,,";
+ /* We assume that newly created users "inherit" root's shell setting */
+- pw.pw_shell = (char *)get_shell_name();
++ pw.pw_shell = xstrdup(get_shell_name());
+ pw.pw_dir = NULL;
+
+ opts = getopt32long(argv, "^"
diff --git a/main/busybox/APKBUILD b/main/busybox/APKBUILD
index 3b1198579a..26f75bf566 100644
--- a/main/busybox/APKBUILD
+++ b/main/busybox/APKBUILD
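Review bot: The new `xstrdup()` in the embedded loginutils/adduser.c hunk has no comment saying why the copy is needed, and the existing comment above it only mentions inheriting root's shell, so a later cleanup could drop the copy as an apparent leak and bring the stale-pointer bug back. I would add `/* get_shell_name() may return getpwnam() static storage, which passwd_study() overwrites; keep a private copy */` directly above the assignment. The copy is made before option parsing, so when -s is given it is presumably replaced and never freed; that is harmless in a short-lived applet but worth a word in the same comment. adduser_main's body starts and ends outside the hunk.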
@@ -3,7 +3,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=busybox pkgver=1.29.3 -pkgrel=6 +pkgrel=7 pkgdesc="Size optimized toolbox of many common UNIX utilities" url=http://busybox.net arch="all" @@ -35,6 +35,7 @@ source="https://busybox.net/downloads/$pkgname-$pkgver.tar.bz2 0014-miscutils-microcom-Fixed-segfault.patch 0015-ip-print-dadfailed-flag.patch 0001-cp-optional-reflink-support.patch + 0001-adduser-prevent-creation-from-invalid-entry-without-.patch acpid.logrotate busyboxconfig @@ -212,6 +213,7 @@ d8926f0e4ed7d2fe5af89ff2a944d781b45b109c9edf1ef2591e7bce2a8bbadd7c8ca814cb3c928a 8cb91903f2be3620b5500a4e8f4190537c93601282510b82303c3b516141b36ab872aeff5a7f5ae00f270439abab862ceabda531bdf180643da165b2f3b35d9f 0014-miscutils-microcom-Fixed-segfault.patch 2fdf01e4bb26a3b6fd7ff73649f15eff599d38db1bc61a699576ec9caae2fb37c49d689baca8b1a3a7b2999fbe04751da897518c2fb42d6f21756b468aa7599d 0015-ip-print-dadfailed-flag.patch c26e846dc4576a94c376132644ea26755f8cc531fa03b975f2f7e874e2fcbaaca3804ba46849c29b69061b1f411aebedef451418063ec457f88636198dae3be9 0001-cp-optional-reflink-support.patch +06a341de7b34bbe5d7981366772c2ce46599af3e9640d114aa28f7ba4936489fc00c58d4b09c546409e383ef70ca51da179223a9ef53ed51f3575e652506e08e 0001-adduser-prevent-creation-from-invalid-entry-without-.patch aa93095e20de88730f526c6f463cef711b290b9582cdbd8c1ba2bd290019150cbeaa7007c2e15f0362d5b9315dd63f60511878f0ea05e893f4fdfb4a54af3fb1 acpid.logrotate 924ff0dac14b4f7213618bd1503ae1b251fea9c3ce11dd87a6ad23ac4fca9b3f765afefdc50f39613579f56b200547320977ec815f87f2c69e20b5aeb484116c busyboxconfig 1dc5c94708fc4d4129015c0cdd64fbe0edd2794bb10422ac2686db8a4ef06182d306ec89560d0310190c1ed86b8422c13594d2cc2b9281c8895145d5a233cc0c busyboxconfig-extras |