libc's authentication privsep layer performed insufficient username

validation. Repair work mostly by markus and millert, first of all solving the primary problem, then adding some additional validation points. And then futher validation in login and su. This will be 6.5/021_libcauth.patch.sig and 6.6/010_libcauth.patch.sig Reported by Qualys
author: deraadt <deraadt@openbsd.org> 2019-12-04 09:50:47 +0000
committer: deraadt <deraadt@openbsd.org> 2019-12-04 09:50:47 +0000
commit: b458275529e8596f47627eed71b534f261a8b363 (patch)
tree: c21b692733a3bd904d4adc82af4a35752542d0d7 /lib/libc
parent: Fix a bad offset calculation in uvm_share. (diff)
download: wireguard-openbsd-b458275529e8596f47627eed71b534f261a8b363.tar.xz
wireguard-openbsd-b458275529e8596f47627eed71b534f261a8b363.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/libc/hidden/bsd_auth.h b/lib/libc/hidden/bsd_auth.h
index 1a6cd7d66f3..2923495e8a1 100644
--- a/lib/libc/hidden/bsd_auth.h
+++ b/lib/libc/hidden/bsd_auth.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: bsd_auth.h,v 1.1 2015/09/12 15:20:14 guenther Exp $	*/
+/*	$OpenBSD: bsd_auth.h,v 1.2 2019/12/04 09:50:47 deraadt Exp $	*/
 /*
  * Copyright (c) 2015 Philip Guenther <guenther@openbsd.org>
  *
@@ -20,6 +20,10 @@
 
 #include_next <bsd_auth.h>
 
+__BEGIN_HIDDEN_DECLS
+int _auth_validuser(const char *name);
+__END_HIDDEN_DECLS
+
 PROTO_NORMAL(auth_approval);
 PROTO_NORMAL(auth_call);
 PROTO_NORMAL(auth_cat);
author	deraadt <deraadt@openbsd.org>	2019-12-04 09:50:47 +0000
committer	deraadt <deraadt@openbsd.org>	2019-12-04 09:50:47 +0000
commit	b458275529e8596f47627eed71b534f261a8b363 (patch)
tree	c21b692733a3bd904d4adc82af4a35752542d0d7 /lib/libc
parent	Fix a bad offset calculation in uvm_share. (diff)
download	wireguard-openbsd-b458275529e8596f47627eed71b534f261a8b363.tar.xz wireguard-openbsd-b458275529e8596f47627eed71b534f261a8b363.zip