Set the pw_class field to NULL when scanning the non-master passwd file.

This avoids a null pointer deref in pw_dup(), which assumes that all
pointers are either NULL or valid.

diff --git a/libc/gen/pw_scan.c b/libc/gen/pw_scan.c
index a7dbdf2cb5b98fd6a866de50c4dca51e1aa55c5e..01146e9111d102670774dd2f3a3181599ddcb665 100644 (file)
--- a/libc/gen/pw_scan.c
+++ b/libc/gen/pw_scan.c
@@ -170,7 +170,8 @@ __pw_scan(char *bp, struct passwd *pw, int flags)
                if (p[0])
                        pw->pw_fields |= _PWF_EXPIRE;
                pw->pw_expire = atol(p);
                if (p[0])
                        pw->pw_fields |= _PWF_EXPIRE;
                pw->pw_expire = atol(p);

-       }
+       } else
+               pw->pw_class = NULL;

        if (!(pw->pw_gecos = strsep(&bp, ":")))         /* gecos */
                goto fmt;
        if (pw->pw_gecos[0])
        if (!(pw->pw_gecos = strsep(&bp, ":")))         /* gecos */
                goto fmt;
        if (pw->pw_gecos[0])