From 70fe022f9dac760eaece0228cad17e3d29a57fb8 Mon Sep 17 00:00:00 2001 From: Simon Josefsson Date: Mon, 31 Jul 2023 13:59:05 +0200 Subject: [PATCH] CVE-2023-40303: Indent changes in previous commit. CVE: CVE-2023-40303 Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=9122999252c7e21eb7774de11d539748e7bdf46d] Signed-off-by: Khem Raj Signed-off-by: Vijay Anusuri --- src/rcp.c | 42 ++++++++++++++++++++++++------------------ src/rlogin.c | 12 ++++++------ src/rsh.c | 24 ++++++++++++------------ src/rshd.c | 24 ++++++++++++------------ src/uucpd.c | 16 ++++++++-------- 5 files changed, 62 insertions(+), 56 deletions(-) diff --git a/src/rcp.c b/src/rcp.c index cdcf8500..652f22e6 100644 --- a/src/rcp.c +++ b/src/rcp.c @@ -347,9 +347,10 @@ main (int argc, char *argv[]) response (); if (setuid (userid) == -1) - { - error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); - } + { + error (EXIT_FAILURE, 0, + "Could not drop privileges (setuid() failed)"); + } source (argc, argv); exit (errs); @@ -358,9 +359,10 @@ main (int argc, char *argv[]) if (to_option) { /* Receive data. */ if (setuid (userid) == -1) - { - error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); - } + { + error (EXIT_FAILURE, 0, + "Could not drop privileges (setuid() failed)"); + } sink (argc, argv); exit (errs); @@ -548,9 +550,10 @@ toremote (char *targ, int argc, char *argv[]) free (bp); if (setuid (userid) == -1) - { - error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); - } + { + error (EXIT_FAILURE, 0, + "Could not drop privileges (setuid() failed)"); + } } source (1, argv + i); close (rem); @@ -645,9 +648,10 @@ tolocal (int argc, char *argv[]) } if (seteuid (userid) == -1) - { - error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); - } + { + error (EXIT_FAILURE, 0, + "Could not drop privileges (seteuid() failed)"); + } #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT sslen = sizeof (ss); @@ -663,9 +667,10 @@ tolocal (int argc, char *argv[]) sink (1, vect); if (seteuid (effuid) == -1) - { - error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); - } + { + error (EXIT_FAILURE, 0, + "Could not drop privileges (seteuid() failed)"); + } close (rem); rem = -1; @@ -1465,9 +1470,10 @@ susystem (char *s, int userid) case 0: if (setuid (userid) == -1) - { - error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); - } + { + error (EXIT_FAILURE, 0, + "Could not drop privileges (setuid() failed)"); + } execl (PATH_BSHELL, "sh", "-c", s, NULL); _exit (127); diff --git a/src/rlogin.c b/src/rlogin.c index c543de0c..4360202f 100644 --- a/src/rlogin.c +++ b/src/rlogin.c @@ -648,14 +648,14 @@ try_connect: to get the privileged port that rcmd () uses. We now want, however, to run as the real user who invoked us. */ if (seteuid (uid) == -1) - { - error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); - } + { + error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); + } if (setuid (uid) == -1) - { - error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); - } + { + error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); + } doit (&osmask); /* The old mask will activate SIGURG and SIGUSR1! */ diff --git a/src/rsh.c b/src/rsh.c index 6f60667d..179b47cd 100644 --- a/src/rsh.c +++ b/src/rsh.c @@ -278,14 +278,14 @@ main (int argc, char **argv) *argv = (char *) "rlogin"; if (seteuid (getuid ()) == -1) - { - error (EXIT_FAILURE, errno, "seteuid() failed"); - } + { + error (EXIT_FAILURE, errno, "seteuid() failed"); + } if (setuid (getuid ()) == -1) - { - error (EXIT_FAILURE, errno, "setuid() failed"); - } + { + error (EXIT_FAILURE, errno, "setuid() failed"); + } execv (PATH_RLOGIN, argv); error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN); @@ -551,14 +551,14 @@ try_connect: } if (seteuid (uid) == -1) - { - error (EXIT_FAILURE, errno, "seteuid() failed"); - } + { + error (EXIT_FAILURE, errno, "seteuid() failed"); + } if (setuid (uid) == -1) - { - error (EXIT_FAILURE, errno, "setuid() failed"); - } + { + error (EXIT_FAILURE, errno, "setuid() failed"); + } #ifdef HAVE_SIGACTION sigemptyset (&sigs); diff --git a/src/rshd.c b/src/rshd.c index 707790e7..3a153a18 100644 --- a/src/rshd.c +++ b/src/rshd.c @@ -1848,16 +1848,16 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen) /* Set the gid, then uid to become the user specified by "locuser" */ if (setegid ((gid_t) pwd->pw_gid) == -1) - { - rshd_error ("Cannot drop privileges (setegid() failed)\n"); - exit (EXIT_FAILURE); - } + { + rshd_error ("Cannot drop privileges (setegid() failed)\n"); + exit (EXIT_FAILURE); + } if (setgid ((gid_t) pwd->pw_gid) == -1) - { - rshd_error ("Cannot drop privileges (setgid() failed)\n"); - exit (EXIT_FAILURE); - } + { + rshd_error ("Cannot drop privileges (setgid() failed)\n"); + exit (EXIT_FAILURE); + } #ifdef HAVE_INITGROUPS initgroups (pwd->pw_name, pwd->pw_gid); /* BSD groups */ @@ -1881,10 +1881,10 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen) #endif /* WITH_PAM */ if (setuid ((uid_t) pwd->pw_uid) == -1) - { - rshd_error ("Cannot drop privileges (setuid() failed)\n"); - exit (EXIT_FAILURE); - } + { + rshd_error ("Cannot drop privileges (setuid() failed)\n"); + exit (EXIT_FAILURE); + } /* We'll execute the client's command in the home directory * of locuser. Note, that the chdir must be executed after diff --git a/src/uucpd.c b/src/uucpd.c index 29cfce35..fde7b9c9 100644 --- a/src/uucpd.c +++ b/src/uucpd.c @@ -254,10 +254,10 @@ doit (struct sockaddr *sap, socklen_t salen) dologin (pw, sap, salen); if (setgid (pw->pw_gid) == -1) - { - fprintf (stderr, "setgid() failed"); - return; - } + { + fprintf (stderr, "setgid() failed"); + return; + } #ifdef HAVE_INITGROUPS initgroups (pw->pw_name, pw->pw_gid); #endif @@ -268,10 +268,10 @@ doit (struct sockaddr *sap, socklen_t salen) } if (setuid (pw->pw_uid) == -1) - { - fprintf (stderr, "setuid() failed"); - return; - } + { + fprintf (stderr, "setuid() failed"); + return; + } execl (uucico_location, "uucico", NULL); perror ("uucico server: execl");