(pw_copy): Handle the case of a malformed line in master.passwd

(copy it silently, do not dereference NULL pointer). PR: bin/102848 Reviewed by: security-officer (cperciva) MFC after: 1 week
author: Thomas Quinot <thomas@FreeBSD.org> 2006-09-04 15:09:21 +0000
committer: Thomas Quinot <thomas@FreeBSD.org> 2006-09-04 15:09:21 +0000
commit: 91a8faee2b4b86733f5a230dce6dbf7897298a1a (patch)
tree: 62b1ffd62b902766d3c5a555752756ee94dc67d8 /libutil
parent: 68c3f686a6358e0c20375fead57fe1607f23393f (diff)
download: pw-darwin-91a8faee2b4b86733f5a230dce6dbf7897298a1a.tar.gz
pw-darwin-91a8faee2b4b86733f5a230dce6dbf7897298a1a.tar.zst
pw-darwin-91a8faee2b4b86733f5a230dce6dbf7897298a1a.zip
1 files changed, 11 insertions, 2 deletions
diff --git a/libutil/pw_util.c b/libutil/pw_util.c
index 90c9d72..6d372c0 100644
--- a/libutil/pw_util.c
+++ b/libutil/pw_util.c
@@ -481,13 +481,22 @@ pw_copy(int ffd, int tfd, const struct passwd *pw, struct passwd *old_pw)
 		}
 
 		/* is it the one we're looking for? */
+
 		t = *q;
 		*q = '\0';
+
 		fpw = pw_scan(r, PWSCAN_MASTER);
+
+		/*
+		 * fpw is either the struct password for the current line,
+		 * or NULL if the line is malformed.
+		 */
+
 		*q = t;
-		if (strcmp(fpw->pw_name, pw->pw_name) != 0) {
+		if (fpw == NULL || strcmp(fpw->pw_name, pw->pw_name) != 0) {
 			/* nope */
-			free(fpw);
+			if (fpw != NULL)
+				free(fpw);
 			if (write(tfd, p, q - p + 1) != q - p + 1)
 				goto err;
 			++q;
author	Thomas Quinot <thomas@FreeBSD.org>	2006-09-04 15:09:21 +0000
committer	Thomas Quinot <thomas@FreeBSD.org>	2006-09-04 15:09:21 +0000
commit	91a8faee2b4b86733f5a230dce6dbf7897298a1a (patch)
tree	62b1ffd62b902766d3c5a555752756ee94dc67d8 /libutil
parent	68c3f686a6358e0c20375fead57fe1607f23393f (diff)
download	pw-darwin-91a8faee2b4b86733f5a230dce6dbf7897298a1a.tar.gz pw-darwin-91a8faee2b4b86733f5a230dce6dbf7897298a1a.tar.zst pw-darwin-91a8faee2b4b86733f5a230dce6dbf7897298a1a.zip