From owner-freebsd-bugs@FreeBSD.ORG Fri Mar 13 00:24:19 2015 Return-Path: Delivered-To: freebsd-bugs@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 179B49EA for ; Fri, 13 Mar 2015 00:24:19 +0000 (UTC) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id ED9BA384 for ; Fri, 13 Mar 2015 00:24:18 +0000 (UTC) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.14.9/8.14.9) with ESMTP id t2D0OIh4028142 for ; Fri, 13 Mar 2015 00:24:18 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 198554] erroneous data in master.passwd or group cause pw -V command to segfault Date: Fri, 13 Mar 2015 00:24:18 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: bin X-Bugzilla-Version: 10.1-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: fbsd@centraltech.co.uk X-Bugzilla-Status: New X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Mar 2015 00:24:19 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198554 Bug ID: 198554 Summary: erroneous data in master.passwd or group cause pw -V command to segfault Product: Base System Version: 10.1-STABLE Hardware: amd64 OS: Any Status: New Severity: Affects Only Me Priority: --- Component: bin Assignee: freebsd-bugs@FreeBSD.org Reporter: fbsd@centraltech.co.uk When using `pw -V ...`, if either master.passwd or group contains erroneous data then pw will segfault. e.g. as a result of hand editing. Also could be a continuation of bug #187310. To reproduce execute the following in an empty directory: truncate -s 0 master.passwd group && pwd_mkdb -d . master.passwd pw -V . user add test echo 'test1:*:1002:0:0::/home/test1' >> master.passwd pw -V . user add test2 Segmentation fault (core dumped) Similarly for group: truncate -s 0 master.passwd group && pwd_mkdb -d . master.passwd pw -V . user add test echo 'test1:*:1002' >> group pw -V . user add test2 Segmentation fault (core dumped) It doesn't matter what pw -V command you run, if it accesses an erroneous master.passwd/group it segfaults. I first came across it in: FreeBSD 10.1-STABLE #0 r279301: Wed Feb 25 23:49:09 UTC 2015 amd64 and have since updated to r279937 The following fixes the segfaults, but could lead to other issues as the erroneous entries are simply ignored. Index: usr.sbin/pw/pw_vpw.c =================================================================== --- usr.sbin/pw/pw_vpw.c (revision 279937) +++ usr.sbin/pw/pw_vpw.c (working copy) @@ -80,6 +80,9 @@ if (line[linelen - 1 ] == '\n') line[linelen - 1] = '\0'; pw = pw_scan(line, PWSCAN_MASTER); + /* Skip erroneous lines... maybe warn? */ + if (pw == NULL) + continue; if (uid != (uid_t)-1) { if (uid == pw->pw_uid) break; @@ -160,6 +163,9 @@ if (line[linelen - 1 ] == '\n') line[linelen - 1] = '\0'; gr = gr_scan(line); + /* Skip erroneous lines.. maybe warn? */ + if (gr == NULL) + continue; if (gid != (gid_t)-1) { if (gid == gr->gr_gid) break; -- You are receiving this mail because: You are the assignee for the bug.