From feed9a49bec3def4c17281a9fd8c0b830fe4ec95 Mon Sep 17 00:00:00 2001
From: Peter Avalos
Date: Sun, 28 Dec 2008 01:25:56 -0500
Subject: [PATCH] Do not dereference a null pointer for a malformed line in master.passwd. Instead, just copy it silently to prevent programs from bailing. While I'm here, remove some (void) casts.
Obtained-from: FreeBSD
---
lib/libutil/Makefile | 3 ++-
lib/libutil/libutil.h | 4 ++++
lib/libutil/pw_util.c | 24 ++++++++++++++++++------
3 files changed, 24 insertions(+), 7 deletions(-)
diff --git a/lib/libutil/Makefile b/lib/libutil/Makefile
index e7c86958c9..b919c0432c 100644
--- a/lib/libutil/Makefile
+++ b/lib/libutil/Makefile
@@ -4,7 +4,6 @@
 LIB= util
 SHLIB_MAJOR= 4
-CFLAGS+=-I${.CURDIR} -I${.CURDIR}/../../sys
 CFLAGS+=-DINET6
 CFLAGS+=-D_CTYPE_H_DISABLE_MACROS_
 SRCS= flopen.c login.c login_tty.c logout.c logwtmp.c pty.c \
@@ -15,6 +14,8 @@ SRCS= flopen.c login.c login_tty.c logout.c logwtmp.c pty.c \
 INCS= libutil.h login_cap.h
 WARNS?= 2
+CFLAGS+= -I${.CURDIR} -I${.CURDIR}/../libc/gen/
+
 MAN+= flopen.3 login.3 login_auth.3 login_tty.3 logout.3 logwtmp.3 pty.3 \
 login_cap.3 login_class.3 login_times.3 login_ok.3 \
 _secure_path.3 uucplock.3 property.3 auth.3 realhostname.3 \
diff --git a/lib/libutil/libutil.h b/lib/libutil/libutil.h
index 12eeed987a..f90a60d47e 100644
--- a/lib/libutil/libutil.h
+++ b/lib/libutil/libutil.h
@@ -121,6 +121,10 @@ __END_DECLS
 #define FPARSELN_UNESCREST 0x08
 #define FPARSELN_UNESCALL 0x0f
+/* pw_scan() */
+#define PWSCAN_MASTER 0x01
+#define PWSCAN_WARN 0x02
+
 /* humanize_number(3) */
 #define HN_DECIMAL 0x01
 #define HN_NOSPACE 0x02
diff --git a/lib/libutil/pw_util.c b/lib/libutil/pw_util.c
index a7ac6ef082..532e7991b8 100644
--- a/lib/libutil/pw_util.c
+++ b/lib/libutil/pw_util.c
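Review bot: The new `CFLAGS+= -I${.CURDIR} -I${.CURDIR}/../libc/gen/` in the second Makefile hunk puts a private libc source directory on the include path for every file in SRCS, with no comment saying why. From the rest of the patch it appears to exist only so that pw_util.c can include `pw_scan.h`; a one-line comment above it, such as `# pw_util.c needs libc's internal pw_scan.h`, would record that. The first hunk also drops `-I${.CURDIR}/../../sys`, and nothing visible here shows whether another source in SRCS still relied on it, so that is worth confirming with a full build.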
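Review bot: In the libutil.h hunk, `PWSCAN_MASTER` and `PWSCAN_WARN` enter the public header with only `/* pw_scan() */` above them, so nothing says what each flag does or that their values are tied to libc. pw_copy previously passed `_PWSCAN_MASTER` and now passes `PWSCAN_MASTER` to a function that pw_util.c describes as a wrapper around an internal libc function, so the public and internal values presumably have to stay identical. I would extend the comment to something like `/* pw_scan() flags; keep in sync with libc's _PWSCAN_MASTER and friends */`.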
@@ -33,7 +33,8 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $FreeBSD: src/lib/libutil/pw_util.c,v 1.35 2004/05/18 15:53:58 stefanf Exp $
+ * @(#)pw_util.c 8.3 (Berkeley) 4/2/94
+ * $FreeBSD: src/lib/libutil/pw_util.c,v 1.38 2007/01/09 01:02:05 imp Exp $
 * $DragonFly: src/lib/libutil/pw_util.c,v 1.2 2007/12/30 13:44:33 matthias Exp $
 */
@@ -309,8 +310,8 @@ pw_edit(int notsetuid)
 sigaction(SIGQUIT, &sa_quit, NULL);
 sigprocmask(SIG_SETMASK, &oldsigset, NULL);
 if (notsetuid) {
- (void)setgid(getgid());
- (void)setuid(getuid());
+ setgid(getgid());
+ setuid(getuid());
 }
 errno = 0;
 execlp(editor, basename(editor), tempname, (char *)NULL);
@@ -472,13 +473,22 @@ pw_copy(int ffd, int tfd, const struct passwd *pw, struct passwd *old_pw)
 }
 /* is it the one we're looking for? */
+
 t = *q;
 *q = '\0';
- fpw = pw_scan(r, _PWSCAN_MASTER);
+
+ fpw = pw_scan(r, PWSCAN_MASTER);
+
+ /*
+ * fpw is either the struct passwd for the current line,
+ * or NULL if the line is malformed.
+ */
+
 *q = t;
- if (strcmp(fpw->pw_name, pw->pw_name) != 0) {
+ if (fpw == NULL || strcmp(fpw->pw_name, pw->pw_name) != 0) {
 /* nope */
- free(fpw);
+ if (fpw != NULL)
+ free(fpw);
 if (write(tfd, p, q - p + 1) != q - p + 1)
 goto err;
 ++q;
@@ -584,6 +594,8 @@ pw_dup(const struct passwd *pw)
 return (npw);
 }
+#include "pw_scan.h"
+
 /*
 * Wrapper around an internal libc function
 */
-- 
2.41.0
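Review bot: In the pw_edit hunk, `setgid(getgid())` and `setuid(getuid())` still discard their return values, and the execlp() of the editor follows immediately; removing the `(void)` casts only makes it less obvious that the results are being ignored. If either call fails, the editor starts with whatever effective IDs the caller had, which is what the `notsetuid` branch exists to prevent. I would stop before the exec on failure, for example `if (setgid(getgid()) != 0 || setuid(getuid()) != 0) _exit(1);`, reported the same way this branch handles a failed execlp. pw_edit starts and ends outside the hunk, so that error path is not visible here.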
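Review bot: In the pw_copy hunk the guard `if (fpw != NULL)` around `free(fpw)` is unnecessary, because free(NULL) is defined to do nothing; `free(fpw);` alone keeps the branch to one statement. The new comment says fpw may be NULL but not what happens then: the line is written to tfd unchanged and without any diagnostic, so a corrupt master.passwd entry survives every edit. I would say so in the comment, e.g. `* or NULL if the line is malformed, in which case it is copied verbatim.`, and consider whether callers should be able to get a warning. pw_copy's loop begins and ends outside the hunk.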
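Review bot: In the last hunk, `#include "pw_scan.h"` is added in the middle of the file, after pw_dup, rather than with the other includes at the top. If the placement is deliberate, for instance to keep libc's internal declarations out of scope for the code above, a short comment such as `/* libc-internal header, only needed by the wrapper below */` would stop someone from moving it later. Otherwise it belongs in the include block. The wrapper that follows is outside the hunk.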