Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 08 Feb 2026 20:50:18 +0000
From:      =?utf-8?Q?Jes=C3=BAs?= Daniel Colmenares Oviedo <dtxdf@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 436af5715cdb - main - flua: Fix SIGSEGV in lua_chown when uid/gid doesn't exist
Message-ID:  <6988f70a.4075d.c63ae2@gitrepo.freebsd.org>
index | next in thread | raw e-mail 

The branch main has been updated by dtxdf:

URL: https://cgit.FreeBSD.org/src/commit/?id=436af5715cdbea87de53d63fcc3762591d93b028

commit 436af5715cdbea87de53d63fcc3762591d93b028
Author:     Jesús Daniel Colmenares Oviedo <dtxdf@FreeBSD.org>
AuthorDate: 2026-02-08 20:35:25 +0000
Commit:     Jesús Daniel Colmenares Oviedo <dtxdf@FreeBSD.org>
CommitDate: 2026-02-08 20:35:25 +0000

    flua: Fix SIGSEGV in lua_chown when uid/gid doesn't exist
    
    When lua_chown is used to call chown(2) internally, it first resolves
    the user and/or group by calling the getpwnam_r(3) and getgrnam_r(3)
    functions, respectively. However, although it checks for errors, it does
    not check when entries are not found (which is not an error), which
    means that the buffer will be set to NULL, and since lua_chown attempts
    to access the NULL structure, it will receive a SIGSEGV signal.
    
    Reviewed by:                    imp@
    Approved by:                    imp@
    Differential Revision:          https://reviews.freebsd.org/D55172
---
 libexec/flua/modules/lposix.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/libexec/flua/modules/lposix.c b/libexec/flua/modules/lposix.c
index a25e875045a2..57e78adb1488 100644
--- a/libexec/flua/modules/lposix.c
+++ b/libexec/flua/modules/lposix.c
@@ -100,11 +100,11 @@ lua_chown(lua_State *L)
 		owner = (uid_t)lua_tointeger(L, 2);
 	else if (lua_isstring(L, 2)) {
 		char buf[4096];
-		struct passwd passwd, *pwd;
+		struct passwd passwd, *pwd = NULL;
 
 		error = getpwnam_r(lua_tostring(L, 2), &passwd,
 		    buf, sizeof(buf), &pwd);
-		if (error == 0)
+		if (pwd != NULL && error == 0)
 			owner = pwd->pw_uid;
 		else
 			return (luaL_argerror(L, 2,
@@ -121,11 +121,11 @@ lua_chown(lua_State *L)
 		group = (gid_t)lua_tointeger(L, 3);
 	else if (lua_isstring(L, 3)) {
 		char buf[4096];
-		struct group gr, *grp;
+		struct group gr, *grp = NULL;
 
 		error = getgrnam_r(lua_tostring(L, 3), &gr, buf, sizeof(buf),
 		    &grp);
-		if (error == 0)
+		if (grp != NULL && error == 0)
 			group = grp->gr_gid;
 		else
 			return (luaL_argerror(L, 3,
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6988f70a.4075d.c63ae2>