From 66d9e5fe286aaad023911a859e7b61e780a9740b Mon Sep 17 00:00:00 2001 From: Enji Cooper Date: Mon, 19 Oct 2015 18:29:32 +0000 Subject: Initialize `quiet` to false so `pw groupnext` again prints out the next gid by default Reported by: Florian Degner MFC after: 1 week PR: 203876 Sponsored by: EMC / Isilon Storage Division --- pw/pw_group.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pw/pw_group.c b/pw/pw_group.c index 711ef68..67beab9 100644 --- a/pw/pw_group.c +++ b/pw/pw_group.c @@ -259,7 +259,7 @@ pw_group_next(int argc, char **argv, char *arg1 __unused) struct userconf *cnf; const char *cfg = NULL; int ch; - bool quiet; + bool quiet = false; while ((ch = getopt(argc, argv, "Cq")) != -1) { switch (ch) { -- cgit v1.2.3-56-ge451 From d7268f1e76677b28d0ebecae94276c34bc8cba54 Mon Sep 17 00:00:00 2001 From: Bryan Drewery Date: Thu, 29 Oct 2015 18:29:28 +0000 Subject: Fix unlikely memory leak. It is unlikely since the first check in the function is that dir[0] is '/', but later code changes may make it real. Coverity CID: 1332104 --- pw/pw_user.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pw/pw_user.c b/pw/pw_user.c index 1af8f81..345f642 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -107,8 +107,10 @@ mkdir_home_parents(int dfd, const char *dir) errx(EX_UNAVAILABLE, "out of memory"); tmp = strrchr(dirs, '/'); - if (tmp == NULL) + if (tmp == NULL) { + free(dirs); return; + } tmp[0] = '\0'; /* -- cgit v1.2.3-56-ge451 From 53d5541556909952101aae809c6d30717ab497d0 Mon Sep 17 00:00:00 2001 From: Xin LI Date: Fri, 30 Oct 2015 00:46:52 +0000 Subject: In pw_userlock, set 'name' to NULL when we encounter an all number string because it is also used as an indicator of whether a name or an UID is being used and we may have undefined results as 'name' may contain uninitialized stack contents. MFC after: 2 weeks --- pw/pw_user.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pw/pw_user.c b/pw/pw_user.c index 345f642..5c168ab 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -282,9 +282,10 @@ pw_userlock(char *arg1, int mode) if (arg1 == NULL) errx(EX_DATAERR, "username or id required"); - if (arg1[strspn(arg1, "0123456789")] == '\0') + if (arg1[strspn(arg1, "0123456789")] == '\0') { id = pw_checkid(arg1, UID_MAX); - else + name = NULL; + } else name = arg1; pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); -- cgit v1.2.3-56-ge451 From 42c74a30927e0f5a7c28809ed3df548911bf17a1 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Wed, 2 Dec 2015 22:01:37 +0000 Subject: Fix handling of numeric-only names with pw lock Add a regression test about it PR: 204968 MFC after: 1 week --- pw/pw_user.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/pw/pw_user.c b/pw/pw_user.c index 5c168ab..61c2440 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -274,7 +274,7 @@ pw_userlock(char *arg1, int mode) char *passtmp = NULL; char *name; bool locked = false; - uid_t id; + uid_t id = (uid_t)-1; if (geteuid() != 0) errx(EX_NOPERM, "you must be root"); @@ -282,16 +282,19 @@ pw_userlock(char *arg1, int mode) if (arg1 == NULL) errx(EX_DATAERR, "username or id required"); - if (arg1[strspn(arg1, "0123456789")] == '\0') { - id = pw_checkid(arg1, UID_MAX); - name = NULL; - } else - name = arg1; + name = arg1; + if (arg1[strspn(name, "0123456789")] == '\0') + id = pw_checkid(name, UID_MAX); - pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); + pwd = GETPWNAM(pw_checkname(name, 0)); + if (pwd == NULL && id != (uid_t)-1) { + pwd = GETPWUID(id); + if (pwd != NULL) + name = pwd->pw_name; + } if (pwd == NULL) { - if (name == NULL) - errx(EX_NOUSER, "no such uid `%ju'", (uintmax_t) id); + if (id == (uid_t)-1) + errx(EX_NOUSER, "no such name or uid `%ju'", (uintmax_t) id); errx(EX_NOUSER, "no such user `%s'", name); } -- cgit v1.2.3-56-ge451 From 37f903568b33e005010ceea4921219edbe23ba39 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Wed, 2 Dec 2015 22:35:25 +0000 Subject: pw_checkname since the beginning if too strict on GECOS field, relax it a bit so gecos can be used to store multibytes data. This was unseen before FreeBSD 10.2 as this validation function was motly unused since FreeBSD 10.2 the usage of this function has been generalized to improve validation. Reported by: des MFC after: 1 week --- pw/pw_user.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pw/pw_user.c b/pw/pw_user.c index 61c2440..30a2749 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -642,7 +642,8 @@ pw_checkname(char *name, int gecos) } if (!reject) { while (*ch) { - if (strchr(badchars, *ch) != NULL || *ch < ' ' || + if (strchr(badchars, *ch) != NULL || + (!gecos && *ch < ' ') || *ch == 127) { reject = 1; break; -- cgit v1.2.3-56-ge451 From 764d9def266a32c90e034a2275bef7bc4658d767 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Mon, 28 Dec 2015 23:57:22 +0000 Subject: Restore dryrun support for pw groupmod --- pw/pw_group.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pw/pw_group.c b/pw/pw_group.c index 67beab9..289a4c8 100644 --- a/pw/pw_group.c +++ b/pw/pw_group.c @@ -664,6 +664,11 @@ pw_group_mod(int argc, char **argv, char *arg1) grp_add_members(&grp, newmembers); } + if (dryrun) { + print_group(grp, pretty); + return (EXIT_SUCCESS); + } + if ((rc = chggrent(name, grp)) != 0) { if (rc == -1) errx(EX_IOERR, "group '%s' not available (NIS?)", -- cgit v1.2.3-56-ge451 From f80a3677a5167b9e85bbc2a622456232fd4668f5 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Tue, 29 Dec 2015 00:02:08 +0000 Subject: Remove useless assignement of linelen --- pw/pw_vpw.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/pw/pw_vpw.c b/pw/pw_vpw.c index a23c66e..2d1c75b 100644 --- a/pw/pw_vpw.c +++ b/pw/pw_vpw.c @@ -70,7 +70,6 @@ vnextpwent(char const *nam, uid_t uid, int doclose) pw = NULL; line = NULL; linecap = 0; - linelen = 0; if (pwd_fp != NULL || (pwd_fp = fopen(getpwpath(_MASTERPASSWD), "r")) != NULL) { while ((linelen = getline(&line, &linecap, pwd_fp)) > 0) { @@ -153,7 +152,6 @@ vnextgrent(char const *nam, gid_t gid, int doclose) gr = NULL; line = NULL; linecap = 0; - linelen = 0; if (grp_fp != NULL || (grp_fp = fopen(getgrpath(_GROUP), "r")) != NULL) { while ((linelen = getline(&line, &linecap, grp_fp)) > 0) { -- cgit v1.2.3-56-ge451 From 41aabc08b56276751e6538be1017556a832dc05a Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Tue, 29 Dec 2015 00:08:32 +0000 Subject: Simplify code for parsing extra groups --- pw/pw_conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pw/pw_conf.c b/pw/pw_conf.c index e9606b4..d30c80e 100644 --- a/pw/pw_conf.c +++ b/pw/pw_conf.c @@ -313,7 +313,7 @@ read_userconfig(char const * file) ? NULL : newstr(q); break; case _UC_EXTRAGROUPS: - for (i = 0; q != NULL; q = strtok(NULL, toks)) { + while ((q = strtok(NULL, toks)) != NULL) { if (config.groups == NULL) config.groups = sl_init(); sl_add(config.groups, newstr(q)); -- cgit v1.2.3-56-ge451