diff options
author | Thomas Quinot <thomas@FreeBSD.org> | 2006-09-04 15:09:21 +0000 |
---|---|---|
committer | Thomas Quinot <thomas@FreeBSD.org> | 2006-09-04 15:09:21 +0000 |
commit | 91a8faee2b4b86733f5a230dce6dbf7897298a1a (patch) | |
tree | 62b1ffd62b902766d3c5a555752756ee94dc67d8 /libutil | |
parent | 68c3f686a6358e0c20375fead57fe1607f23393f (diff) | |
download | pw-darwin-91a8faee2b4b86733f5a230dce6dbf7897298a1a.tar.gz pw-darwin-91a8faee2b4b86733f5a230dce6dbf7897298a1a.tar.zst pw-darwin-91a8faee2b4b86733f5a230dce6dbf7897298a1a.zip |
(pw_copy): Handle the case of a malformed line in master.passwd
(copy it silently, do not dereference NULL pointer).
PR: bin/102848
Reviewed by: security-officer (cperciva)
MFC after: 1 week
Diffstat (limited to 'libutil')
-rw-r--r-- | libutil/pw_util.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/libutil/pw_util.c b/libutil/pw_util.c index 90c9d72..6d372c0 100644 --- a/libutil/pw_util.c +++ b/libutil/pw_util.c @@ -481,13 +481,22 @@ pw_copy(int ffd, int tfd, const struct passwd *pw, struct passwd *old_pw) } /* is it the one we're looking for? */ + t = *q; *q = '\0'; + fpw = pw_scan(r, PWSCAN_MASTER); + + /* + * fpw is either the struct password for the current line, + * or NULL if the line is malformed. + */ + *q = t; - if (strcmp(fpw->pw_name, pw->pw_name) != 0) { + if (fpw == NULL || strcmp(fpw->pw_name, pw->pw_name) != 0) { /* nope */ - free(fpw); + if (fpw != NULL) + free(fpw); if (write(tfd, p, q - p + 1) != q - p + 1) goto err; ++q; |