Date: Fri, 30 Oct 2015 00:46:52 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r290174 - head/usr.sbin/pw Message-ID: <201510300046.t9U0kqiS004058@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Fri Oct 30 00:46:52 2015 New Revision: 290174 URL: https://svnweb.freebsd.org/changeset/base/290174 Log: In pw_userlock, set 'name' to NULL when we encounter an all number string because it is also used as an indicator of whether a name or an UID is being used and we may have undefined results as 'name' may contain uninitialized stack contents. MFC after: 2 weeks Modified: head/usr.sbin/pw/pw_user.c Modified: head/usr.sbin/pw/pw_user.c ============================================================================== --- head/usr.sbin/pw/pw_user.c Fri Oct 30 00:33:03 2015 (r290173) +++ head/usr.sbin/pw/pw_user.c Fri Oct 30 00:46:52 2015 (r290174) @@ -282,9 +282,10 @@ pw_userlock(char *arg1, int mode) if (arg1 == NULL) errx(EX_DATAERR, "username or id required"); - if (arg1[strspn(arg1, "0123456789")] == '\0') + if (arg1[strspn(arg1, "0123456789")] == '\0') { id = pw_checkid(arg1, UID_MAX); - else + name = NULL; + } else name = arg1; pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201510300046.t9U0kqiS004058>