Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 29 Oct 2012 17:19:44 +0000 (UTC)
From:      Baptiste Daroussin <bapt@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r242319 - head/lib/libutil
Message-ID:  <201210291719.q9THJiP0006462@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: bapt
Date: Mon Oct 29 17:19:43 2012
New Revision: 242319
URL: http://svn.freebsd.org/changeset/base/242319

Log:
  make pw_init and gr_init fail if the specified master password or group file is
  a directory.
  
  MFC after:	1 month

Modified:
  head/lib/libutil/gr_util.c
  head/lib/libutil/pw_util.c

Modified: head/lib/libutil/gr_util.c
==============================================================================
--- head/lib/libutil/gr_util.c	Mon Oct 29 16:58:45 2012	(r242318)
+++ head/lib/libutil/gr_util.c	Mon Oct 29 17:19:43 2012	(r242319)
@@ -63,6 +63,8 @@ static const char group_line_format[] = 
 int
 gr_init(const char *dir, const char *group)
 {
+	struct stat st;
+
 	if (dir == NULL) {
 		strcpy(group_dir, _PATH_ETC);
 	} else {
@@ -88,6 +90,15 @@ gr_init(const char *dir, const char *gro
 		}
 		strcpy(group_file, group);
 	}
+
+	if (stat(group_file, &st) == -1)
+		return (-1);
+
+	if (S_ISDIR(st.st_mode)) {
+		errno = EISDIR;
+		return (-1);
+	}
+
 	initialized = 1;
 	return (0);
 }

Modified: head/lib/libutil/pw_util.c
==============================================================================
--- head/lib/libutil/pw_util.c	Mon Oct 29 16:58:45 2012	(r242318)
+++ head/lib/libutil/pw_util.c	Mon Oct 29 17:19:43 2012	(r242319)
@@ -96,6 +96,7 @@ pw_init(const char *dir, const char *mas
 #if 0
 	struct rlimit rlim;
 #endif
+	struct stat st;
 
 	if (dir == NULL) {
 		strcpy(passwd_dir, _PATH_ETC);
@@ -123,6 +124,14 @@ pw_init(const char *dir, const char *mas
 		strcpy(masterpasswd, master);
 	}
 
+	if (stat(masterpasswd, &st) == -1)
+		return (-1);
+
+	if (S_ISDIR(st.st_mode)) {
+		errno = EISDIR;
+		return (-1);
+	}
+
 	/*
 	 * The code that follows is extremely disruptive to the calling
 	 * process, and is therefore disabled until someone can conceive



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201210291719.q9THJiP0006462>