[Desktop-packages] [Bug 2078247] Re: rewrite from / to @ formats overwrites usernames

Fri, 06 Sep 2024 01:20:37 -0700 

** Description changed:

- [placeholder for https://warthogs.atlassian.net/browse/UDENG-4314]
+ [ Impact ]
+ 
+ In this code, the string was not zero terminated properly when
+ overwritten resulting in extra characters:
+ 
+ static char *slash_to_at_username(const char *username) {
+     char *backslash = strchr(username, '\\');
+     if (backslash != NULL) {
+         char *ret = malloc((strlen(username) + 1) * sizeof(char));
+         strcpy(ret, backslash + 1);
+         strcat(ret, "@");
+         strncpy(ret + strlen(ret), username, backslash - username);
+         return ret;
+     }
+     return strdup(username);
+ 
+ For instance:
+ domain.tld\\user was changed to [email protected]
+ 
+ So se user cannot login with the domain\user format
+ 
+ [ Test Plan ]
+ 
+ 1. On a machine joined to an AD domain with ADsys installed, login with
+ domain\user
+ 
+ => Without the patch the user cannot log in
+ => With the patch the user can log in
+ 
+ 
+ [ Where problems could occur ]
+ 
+ Worst case the user still cannot log in

** Also affects: adsys (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: adsys (Ubuntu Jammy)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/2078247

Title:
  rewrite from / to @ formats overwrites usernames

Status in adsys package in Ubuntu:
  Fix Released
Status in adsys source package in Jammy:
  New
Status in adsys source package in Noble:
  New

Bug description:
  [ Impact ]

  In this code, the string was not zero terminated properly when
  overwritten resulting in extra characters:

  static char *slash_to_at_username(const char *username) {
      char *backslash = strchr(username, '\\');
      if (backslash != NULL) {
          char *ret = malloc((strlen(username) + 1) * sizeof(char));
          strcpy(ret, backslash + 1);
          strcat(ret, "@");
          strncpy(ret + strlen(ret), username, backslash - username);
          return ret;
      }
      return strdup(username);

  For instance:
  domain.tld\\user was changed to [email protected]

  So se user cannot login with the domain\user format

  [ Test Plan ]

  1. On a machine joined to an AD domain with ADsys installed, login
  with domain\user

  => Without the patch the user cannot log in
  => With the patch the user can log in

  
  [ Where problems could occur ]

  Worst case the user still cannot log in

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2078247/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to