Florian Weimer 676599b36a Harden putpwent, putgrent, putspent, putspent against injection [BZ #18724] ... This prevents injection of ':' and '\n' into output functions which use the NSS files database syntax. Critical fields (user/group names and file system paths) are checked strictly. For backwards compatibility, the GECOS field is rewritten instead. The getent program is adjusted to use the put*ent functions in libc, instead of local copies. This changes the behavior of getent if user names start with '-' or '+'.		2015-10-02 11:34:13 +02:00
..
nss_db
nss_files
alias-lookup.c
bug17079.c	Fix inconsistent passwd compensation in nss/bug17079.c	2015-09-25 20:20:33 +02:00
bug-erange.c
databases.def
db-Makefile
Depend
digits_dots.c
ethers-lookup.c
function.def
getent.c	Harden putpwent, putgrent, putspent, putspent against injection [BZ #18724]	2015-10-02 11:34:13 +02:00
getnssent_r.c
getnssent.c
getXXbyYY_r.c
getXXbyYY.c
getXXent_r.c
getXXent.c
grp-lookup.c
hosts-lookup.c
key-lookup.c
makedb.c
Makefile	Harden putpwent, putgrent, putspent, putspent against injection [BZ #18724]	2015-10-02 11:34:13 +02:00
netgrp-lookup.c
network-lookup.c
nss_test1.c
nss.h
nsswitch.c
nsswitch.conf
nsswitch.h
proto-lookup.c
pwd-lookup.c
rewrite_field.c	Harden putpwent, putgrent, putspent, putspent against injection [BZ #18724]	2015-10-02 11:34:13 +02:00
rpc-lookup.c
service-lookup.c
sgrp-lookup.c
spwd-lookup.c
test-digits-dots.c
test-netdb.c
tst-field.c	Harden putpwent, putgrent, putspent, putspent against injection [BZ #18724]	2015-10-02 11:34:13 +02:00
tst-nss-getpwent.c
tst-nss-static.c
tst-nss-test1.c
valid_field.c	Harden putpwent, putgrent, putspent, putspent against injection [BZ #18724]	2015-10-02 11:34:13 +02:00
valid_list_field.c	Harden putpwent, putgrent, putspent, putspent against injection [BZ #18724]	2015-10-02 11:34:13 +02:00
Versions
XXX-lookup.c