From 8517a3136742981ad794e45454b834c050c3b016 Mon Sep 17 00:00:00 2001
From: Ian Lepore <ian@FreeBSD.org>
Date: Sun, 22 Jul 2018 22:34:20 +0000
Subject: Set the pw_class field to NULL when scanning the non-master passwd
 file. This avoids a null pointer deref in pw_dup(), which assumes that all
 pointers are either NULL or valid.

---
 libc/gen/pw_scan.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libc/gen/pw_scan.c b/libc/gen/pw_scan.c
index a7dbdf2..01146e9 100644
--- a/libc/gen/pw_scan.c
+++ b/libc/gen/pw_scan.c
@@ -170,7 +170,8 @@ __pw_scan(char *bp, struct passwd *pw, int flags)
 		if (p[0])
 			pw->pw_fields |= _PWF_EXPIRE;
 		pw->pw_expire = atol(p);
-	}
+	} else
+		pw->pw_class = NULL;
 	if (!(pw->pw_gecos = strsep(&bp, ":")))		/* gecos */
 		goto fmt;
 	if (pw->pw_gecos[0])
-- 
cgit v1.2.3-56-ge451