Date: Fri, 13 Mar 2015 00:24:18 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 198554] erroneous data in master.passwd or group cause pw -V command to segfault Message-ID: <bug-198554-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198554 Bug ID: 198554 Summary: erroneous data in master.passwd or group cause pw -V command to segfault Product: Base System Version: 10.1-STABLE Hardware: amd64 OS: Any Status: New Severity: Affects Only Me Priority: --- Component: bin Assignee: freebsd-bugs@FreeBSD.org Reporter: fbsd@centraltech.co.uk When using `pw -V ...`, if either master.passwd or group contains erroneous data then pw will segfault. e.g. as a result of hand editing. Also could be a continuation of bug #187310. To reproduce execute the following in an empty directory: truncate -s 0 master.passwd group && pwd_mkdb -d . master.passwd pw -V . user add test echo 'test1:*:1002:0:0::/home/test1' >> master.passwd pw -V . user add test2 Segmentation fault (core dumped) Similarly for group: truncate -s 0 master.passwd group && pwd_mkdb -d . master.passwd pw -V . user add test echo 'test1:*:1002' >> group pw -V . user add test2 Segmentation fault (core dumped) It doesn't matter what pw -V command you run, if it accesses an erroneous master.passwd/group it segfaults. I first came across it in: FreeBSD 10.1-STABLE #0 r279301: Wed Feb 25 23:49:09 UTC 2015 amd64 and have since updated to r279937 The following fixes the segfaults, but could lead to other issues as the erroneous entries are simply ignored. Index: usr.sbin/pw/pw_vpw.c =================================================================== --- usr.sbin/pw/pw_vpw.c (revision 279937) +++ usr.sbin/pw/pw_vpw.c (working copy) @@ -80,6 +80,9 @@ if (line[linelen - 1 ] == '\n') line[linelen - 1] = '\0'; pw = pw_scan(line, PWSCAN_MASTER); + /* Skip erroneous lines... maybe warn? */ + if (pw == NULL) + continue; if (uid != (uid_t)-1) { if (uid == pw->pw_uid) break; @@ -160,6 +163,9 @@ if (line[linelen - 1 ] == '\n') line[linelen - 1] = '\0'; gr = gr_scan(line); + /* Skip erroneous lines.. maybe warn? */ + if (gr == NULL) + continue; if (gid != (gid_t)-1) { if (gid == gr->gr_gid) break; -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-198554-8>