rewrite from / to @ formats overwrites usernames
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
adsys (Ubuntu) | Fix Released | Undecided | Unassigned | |
Jammy | Fix Released | Undecided | Unassigned | |
Noble | Fix Released | Undecided | Unassigned | |
Bug Description
tracking bug https:/
[ Impact ]
In this code, the string was not zero terminated properly when overwritten resulting in extra characters:
static char *slash_
char *backslash = strchr(username, '\\');
if (backslash != NULL) {
char *ret = malloc(
strcpy(ret, backslash + 1);
strcat(ret, "@");
strncpy(ret + strlen(ret), username, backslash - username);
return ret;
}
return strdup(username);
For instance:
domain.tld\\user was changed to <email address hidden>
So the user cannot log in with the domain\user format
[ Test Plan ]
1. On a machine joined to an AD domain with ADsys installed, log in with domain\user
=> Without the patch the user cannot log in
=> With the patch the user can log in
[ Where problems could occur ]
Worst case the user still cannot log in
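The failure mode described under [ Impact ], as an added example that is not adsys's patch or code from this report: `strncpy` writes no terminating NUL when the source is longer than the count, so the byte after the copied domain is whatever the allocation already held. The function names and the sample input are assumptions made for illustration; `rewrite_backslash_user` shows one way to do the rewrite with explicit lengths and an explicit terminator.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (name is an assumption): rewrites "domain\user" as
 * "user@domain"; other input is copied unchanged. Caller frees the result. */
static char *rewrite_backslash_user(const char *username) {
    const char *backslash = strchr(username, '\\');
    size_t total = strlen(username);
    char *ret = malloc(total + 1);   /* '@' replaces '\\', so length is equal */
    if (ret == NULL)
        return NULL;
    if (backslash == NULL) {
        memcpy(ret, username, total + 1);
        return ret;
    }
    size_t domain_len = (size_t)(backslash - username);
    size_t user_len = total - domain_len - 1;
    memcpy(ret, backslash + 1, user_len);
    ret[user_len] = '@';
    memcpy(ret + user_len + 1, username, domain_len);
    ret[total] = '\0';               /* the terminator strncpy never wrote */
    return ret;
}

/* Replays the copy sequence from the report in a buffer pre-filled with 'X'
 * (standing in for uninitialised heap memory) and returns the byte found
 * where the terminator should be. Input must fit in the 64-byte buffer. */
static char byte_after_strncpy(const char *username) {
    char buf[64];
    const char *backslash = strchr(username, '\\');
    if (backslash == NULL) return '\0';
    size_t domain_len = (size_t)(backslash - username);
    memset(buf, 'X', sizeof buf);
    strcpy(buf, backslash + 1);
    strcat(buf, "@");
    size_t off = strlen(buf);
    strncpy(buf + off, username, domain_len);  /* copies no NUL */
    return buf[off + domain_len];
}

int main(void) {
    const char *in = "domain.tld\\user";  /* constructed sample input */
    char *out = rewrite_backslash_user(in);
    printf("%s -> %s (old sequence leaves '%c' after the domain)\n",
           in, out ? out : "(null)", byte_after_strncpy(in));
    free(out);
    return 0;
}
```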
summary:
- username overwritten during rewrite from / to @
+ rewrite from / to @ formats overwrites usernames
description: updated
description: updated
tags:
added: verification-done verification-done-jammy verification-done-noble
removed: verification-needed verification-needed-jammy verification-needed-noble
This bug was fixed in the package adsys - 0.15.1
---------------
adsys (0.15.1) oracular; urgency=medium
* Fix version based tests on released version
adsys (0.15) oracular; urgency=medium
* Fix DCONF policy manager removing user DB on empty policy (LP: #2078245)
* Ignore casing in domain/ section of sssd.conf (LP: #2078246)
* Fix parsing of slash usernames (i.e. domain\user) (LP: #2078247)
* Fix errno in get_ticket_path (LP: #2078473)
* Remove XML declaration from glib schemas
* Bump Go version to 1.23
* CI and quality of life changes not impacting package functionality:
- Integrate repo with TiCS quality assessment
- Switch documentation spellchecking to en-GB
- Add text version of certificates tutorial
- Additional code coverage through more testing
- Improvements to the e2e test environment
* Bump dependencies to latest:
- jidicula/clang-format-action
- github.com/charmbracelet/bubbles
- github.com/charmbracelet/bubbletea
- github.com/charmbracelet/glamour
- github.com/charmbracelet/lipgloss
- github.com/fatih/color
- github.com/leonelquinteros/gotext
- github.com/spf13/cobra
- github.com/spf13/viper
- golang.org/x/crypto
- golang.org/x/net
- golang.org/x/sync
- golang.org/x/sys
- golang.org/x/text
- google.golang.org/grpc/cmd/protoc-gen-go-grpc
- google.golang.org/grpc
- google.golang.org/protobuf
- github.com/golangci/golangci-lint
-- Didier Roche-Tolomelli <email address hidden> Mon, 02 Sep 2024 14:05:22 +0200