* NEWS, src/login.c: Fix an "audit log injection" vulnerability in

login. This is similar to CVE-2008-1926 (util-linux-ng's login).
	This vulnerability makes it easier for attackers to hide
	activities by modifying portions of log events, e.g. by appending
	an addr= statement to the login name.
	* lib/prototypes.h: Added definition of AUDIT_NO_ID.

ChangeLog

@@ -1,3 +1,12 @@
+2008-06-26  Nicolas François  <nicolas.francois@centraliens.net>
+
+	* NEWS, src/login.c: Fix an "audit log injection" vulnerability in
+	login. This is similar to CVE-2008-1926 (util-linux-ng's login).
+	This vulnerability makes it easier for attackers to hide
+	activities by modifying portions of log events, e.g. by appending
+	an addr= statement to the login name.
+	* lib/prototypes.h: Added definition of AUDIT_NO_ID.
+
 2008-05-25  Nicolas François  <nicolas.francois@centraliens.net>
 
 	Prepare the 4.1.2 release

NEWS

@@ -1,5 +1,13 @@
 $Id$
 
+shadow-4.1.2 -> shadow-4.1.2.1						UNRELEASED
+
+*** security
+- Fix an "audit log injection" vulnerability in login.
+  This vulnerability makes it easier for attackers to hide activities by
+  modifying portions of log events, e.g. by appending an addr= statement
+  to the login name.
+
 shadow-4.1.1 -> shadow-4.1.2						25-05-2008
 
 *** security:

lib/prototypes.h

@@ -126,6 +126,8 @@ extern int hushed (const struct passwd *);
 #ifdef WITH_AUDIT
 extern int audit_fd;
 extern void audit_help_open (void);
+/* Use AUDIT_NO_ID when a name is provided to audit_logger instead of an ID */
+#define AUDIT_NO_ID	((unsigned int) -1)
 extern void audit_logger (int type, const char *pgname, const char *op,
 			  const char *name, unsigned int id, int result);
 #endif

src/login.c

@@ -694,30 +694,19 @@ int main (int argc, char **argv)
 			    break;
 
 #ifdef WITH_AUDIT
-				{
-					struct passwd *pw;
-					char buf[64];
-
-					audit_fd = audit_open ();
-					/* local, no need for xgetpwnam */
-					pw = getpwnam (username);
-					if (pw) {
-						snprintf (buf, sizeof (buf),
-						  "uid=%d", pw->pw_uid);
-						audit_log_user_message
-						    (audit_fd, AUDIT_USER_LOGIN,
-						     buf, hostname, NULL,
-						     tty, 0);
-					} else {
-						snprintf (buf, sizeof (buf),
-							  "acct=%s", username);
-						audit_log_user_message
-						    (audit_fd, AUDIT_USER_LOGIN,
-						     buf, hostname, NULL,
-						     tty, 0);
-					}
-					close (audit_fd);
-				}
+			  audit_fd = audit_open ();
+			  audit_log_acct_message (audit_fd,
+			                          AUDIT_USER_LOGIN,
+			                          NULL,    /* Prog. name */
+			                          "login",
+			                          (NULL!=username)?username
+			                                          :"(unknown)",
+			                          AUDIT_NO_ID,
+			                          hostname,
+			                          NULL,    /* addr */
+			                          tty,
+			                          0);      /* result */
+			  close (audit_fd);
 #endif				/* WITH_AUDIT */
 
 			  fprintf(stderr,"\nLogin incorrect\n");
@@ -978,15 +967,18 @@ int main (int argc, char **argv)
 	}
 
 #ifdef WITH_AUDIT
-	{
-		char buf[32];
-
-		audit_fd = audit_open ();
-		snprintf (buf, sizeof (buf), "uid=%d", pwd->pw_uid);
-		audit_log_user_message (audit_fd, AUDIT_USER_LOGIN,
-					buf, hostname, NULL, tty, 1);
-		close (audit_fd);
-	}
+	audit_fd = audit_open ();
+	audit_log_acct_message (audit_fd,
+	                        AUDIT_USER_LOGIN,
+	                        NULL,    /* Prog. name */
+	                        "login",
+	                        NULL,    /* user's name => use uid */
+	                        (unsigned int) pwd->pw_uid,
+	                        hostname,
+	                        NULL,    /* addr */
+	                        tty,
+	                        1);      /* result */
+	close (audit_fd);
 #endif				/* WITH_AUDIT */
 
 #ifndef USE_PAM			/* pam_lastlog handles this */