From fe59ae51c2311842d026285c29da34c51734f499 Mon Sep 17 00:00:00 2001
From: Warner Losh <imp@FreeBSD.org>
Date: Tue, 21 Dec 1999 19:30:09 +0000
Subject: Extra sanity checks in information from file edited by user.  This
 precludes using chfn, et al, to generate a divot in /etc.

Submitted by: Lukasz Luzar
Forgotten about for months by: imp
---
 chpass/edit.c | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

(limited to 'chpass/edit.c')

diff --git a/chpass/edit.c b/chpass/edit.c
index cfb9513..a8c5cc2 100644
--- a/chpass/edit.c
+++ b/chpass/edit.c
@@ -140,33 +140,33 @@ display(fd, pw)
 	bp = pw->pw_gecos;
 
 	p = strsep(&bp, ",");
-	if (p)
-	  list[E_NAME].save = strdup(p);
+	p = strdup(p ? p : "");
+	list[E_NAME].save = p;
 	if (!list[E_NAME].restricted || !uid)
-	  (void)fprintf(fp, "Full Name: %s\n", p ? p : "");
+	  (void)fprintf(fp, "Full Name: %s\n", p);
 
         p = strsep(&bp, ",");
-	if (p)
-	  list[E_LOCATE].save = strdup(p);
+	p = strdup(p ? p : "");
+	list[E_LOCATE].save = p;
 	if (!list[E_LOCATE].restricted || !uid)
-	  (void)fprintf(fp, "Office Location: %s\n", p ? p : "");
+	  (void)fprintf(fp, "Office Location: %s\n", p);
 
         p = strsep(&bp, ",");
-	if (p)
-	  list[E_BPHONE].save = strdup(p);
+	p = strdup(p ? p : "");
+	list[E_BPHONE].save = p;
 	if (!list[E_BPHONE].restricted || !uid)
-	  (void)fprintf(fp, "Office Phone: %s\n", p ? p : "");
+	  (void)fprintf(fp, "Office Phone: %s\n", p);
 
         p = strsep(&bp, ",");
-	if (p)
-	  list[E_HPHONE].save = strdup(p);
+	p = strdup(p ? p : "");
+	list[E_HPHONE].save = p;
 	if (!list[E_HPHONE].restricted || !uid)
-	  (void)fprintf(fp, "Home Phone: %s\n", p ? p : "");
+	  (void)fprintf(fp, "Home Phone: %s\n", p);
 
-	if (bp!=NULL)
-	  list[E_OTHER].save = strdup(bp);
+	bp = strdup(bp ? bp : "");
+	list[E_OTHER].save = bp;
 	if (!list[E_OTHER].restricted || !uid)
-	  (void)fprintf(fp, "Other information: %s\n", bp ? bp : "");
+	  (void)fprintf(fp, "Other information: %s\n", bp);
 
 	(void)fchown(fd, getuid(), getgid());
 	(void)fclose(fp);
@@ -237,7 +237,7 @@ bad:					(void)fclose(fp);
 	/* Build the gecos field. */
 	len = strlen(list[E_NAME].save) + strlen(list[E_BPHONE].save) +
 	    strlen(list[E_HPHONE].save) + strlen(list[E_LOCATE].save) +
-	    strlen(list[E_OTHER].save) + 4;
+	    strlen(list[E_OTHER].save) + 5;
 	if (!(p = malloc(len)))
 		err(1, NULL);
 	(void)sprintf(pw->pw_gecos = p, "%s,%s,%s,%s,%s", list[E_NAME].save,
-- 
cgit v1.2.3-56-ge451