Date: Sat, 4 Jul 2015 15:54:12 +0000 (UTC) From: Baptiste Daroussin <bapt@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r285136 - head/usr.sbin/pw Message-ID: <201507041554.t64FsCxM076209@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: bapt Date: Sat Jul 4 15:54:11 2015 New Revision: 285136 URL: https://svnweb.freebsd.org/changeset/base/285136 Log: Also validate inputs of pw groupmod -h and groupmod -H Modified: head/usr.sbin/pw/pw_group.c Modified: head/usr.sbin/pw/pw_group.c ============================================================================== --- head/usr.sbin/pw/pw_group.c Sat Jul 4 15:46:39 2015 (r285135) +++ head/usr.sbin/pw/pw_group.c Sat Jul 4 15:54:11 2015 (r285136) @@ -47,6 +47,50 @@ static void delete_members(char ***membe static int print_group(struct group * grp); static gid_t gr_gidpolicy(struct userconf * cnf, long id); +static void +set_passwd(struct group *grp, bool update) +{ + int b; + int istty; + struct termios t, n; + char *p, line[256]; + + if (conf.fd == '-') { + grp->gr_passwd = "*"; /* No access */ + return; + } + + if ((istty = isatty(conf.fd))) { + n = t; + /* Disable echo */ + n.c_lflag &= ~(ECHO); + tcsetattr(conf.fd, TCSANOW, &n); + printf("%sassword for group %s:", update ? "New p" : "P", + grp->gr_name); + fflush(stdout); + } + b = read(conf.fd, line, sizeof(line) - 1); + if (istty) { /* Restore state */ + tcsetattr(conf.fd, TCSANOW, &t); + fputc('\n', stdout); + fflush(stdout); + } + if (b < 0) + err(EX_OSERR, "-h file descriptor"); + line[b] = '\0'; + if ((p = strpbrk(line, " \t\r\n")) != NULL) + *p = '\0'; + if (!*line) + errx(EX_DATAERR, "empty password read on file descriptor %d", + conf.fd); + if (conf.precrypted) { + if (strchr(line, ':') != 0) + errx(EX_DATAERR, "wrong encrypted passwrd"); + grp->gr_passwd = line; + } else + grp->gr_passwd = pw_pwcrypt(line); +} + int pw_group(int mode, char *name, long id, struct cargs * args) { @@ -156,52 +200,8 @@ pw_group(int mode, char *name, long id, * software. */ - if ((arg = getarg(args, 'h')) != NULL || - (arg = getarg(args, 'H')) != NULL) { - if (strcmp(arg->val, "-") == 0) - grp->gr_passwd = "*"; /* No access */ - else { - int fd = atoi(arg->val); - int precrypt = (arg->ch == 'H'); - int b; - int istty = isatty(fd); - struct termios t; - char *p, line[256]; - - if (istty) { - if (tcgetattr(fd, &t) == -1) - istty = 0; - else { - struct termios n = t; - - /* Disable echo */ - n.c_lflag &= ~(ECHO); - tcsetattr(fd, TCSANOW, &n); - printf("%sassword for group %s:", (mode == M_UPDATE) ? "New p" : "P", grp->gr_name); - fflush(stdout); - } - } - b = read(fd, line, sizeof(line) - 1); - if (istty) { /* Restore state */ - tcsetattr(fd, TCSANOW, &t); - fputc('\n', stdout); - fflush(stdout); - } - if (b < 0) - err(EX_OSERR, "-h file descriptor"); - line[b] = '\0'; - if ((p = strpbrk(line, " \t\r\n")) != NULL) - *p = '\0'; - if (!*line) - errx(EX_DATAERR, "empty password read on file descriptor %d", fd); - if (precrypt) { - if (strchr(line, ':') != NULL) - return EX_DATAERR; - grp->gr_passwd = line; - } else - grp->gr_passwd = pw_pwcrypt(line); - } - } + if (conf.fd != -1) + set_passwd(grp, mode == M_UPDATE); if (((arg = getarg(args, 'M')) != NULL || (arg = getarg(args, 'd')) != NULL ||
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201507041554.t64FsCxM076209>