From 49c3dd3089001e23c1b671855ffa2380cfcd4af6 Mon Sep 17 00:00:00 2001 From: Julian Elischer Date: Thu, 6 Mar 2014 19:26:08 +0000 Subject: Stop pw(8) from segfaulting when given certain input PR:187310 Submitted by: Kim Shrier Obtained from: bug MFC after: 1 week --- pw/pw_group.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) (limited to 'pw') diff --git a/pw/pw_group.c b/pw/pw_group.c index 3259412..391e477 100644 --- a/pw/pw_group.c +++ b/pw/pw_group.c @@ -227,10 +227,12 @@ pw_group(struct userconf * cnf, int mode, struct cargs * args) else if (arg->ch == 'm') { int k = 0; - while (grp->gr_mem[k] != NULL) { - if (extendarray(&members, &grmembers, i + 2) != -1) - members[i++] = grp->gr_mem[k]; - k++; + if (grp->gr_mem != NULL) { + while (grp->gr_mem[k] != NULL) { + if (extendarray(&members, &grmembers, i + 2) != -1) + members[i++] = grp->gr_mem[k]; + k++; + } } } @@ -311,6 +313,9 @@ delete_members(char ***members, int *grmembers, int *i, struct carg *arg, int k; struct passwd *pwd; + if (grp->gr_mem == NULL) + return; + k = 0; while (grp->gr_mem[k] != NULL) { matchFound = false; @@ -415,8 +420,10 @@ print_group(struct group * grp, int pretty) printf("Group Name: %-15s #%lu\n" " Members: ", grp->gr_name, (long) grp->gr_gid); - for (i = 0; grp->gr_mem[i]; i++) - printf("%s%s", i ? "," : "", grp->gr_mem[i]); + if (grp->gr_mem != NULL) { + for (i = 0; grp->gr_mem[i]; i++) + printf("%s%s", i ? "," : "", grp->gr_mem[i]); + } fputs("\n\n", stdout); } return EXIT_SUCCESS; -- cgit v1.2.3-56-ge451 From 91f8ae8a9f96936a8affc74e67e8f04333fb0869 Mon Sep 17 00:00:00 2001 From: Julian Elischer Date: Thu, 6 Mar 2014 19:58:03 +0000 Subject: Part 2 of bug 187310.. had to commit separately due to local confusion. Don't let pw crash when give certain input. PR: 187310 Submitted by: Kim Shrier MFC after: 1 week --- pw/pw_user.c | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) (limited to 'pw') diff --git a/pw/pw_user.c b/pw/pw_user.c index def238c..e49de18 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -425,19 +425,22 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args) } grp = GETGRNAM(a_name->val); - if (grp != NULL && *grp->gr_mem == NULL) + if (grp != NULL && + (grp->gr_mem == NULL || *grp->gr_mem == NULL)) delgrent(GETGRNAM(a_name->val)); SETGRENT(); while ((grp = GETGRENT()) != NULL) { int i; char group[MAXLOGNAME]; - for (i = 0; grp->gr_mem[i] != NULL; i++) { - if (!strcmp(grp->gr_mem[i], a_name->val)) { - while (grp->gr_mem[i] != NULL) { - grp->gr_mem[i] = grp->gr_mem[i+1]; - } - strlcpy(group, grp->gr_name, MAXLOGNAME); - chggrent(group, grp); + if (grp->gr_mem != NULL) { + for (i = 0; grp->gr_mem[i] != NULL; i++) { + if (!strcmp(grp->gr_mem[i], a_name->val)) { + while (grp->gr_mem[i] != NULL) { + grp->gr_mem[i] = grp->gr_mem[i+1]; + } + strlcpy(group, grp->gr_name, MAXLOGNAME); + chggrent(group, grp); + } } } } @@ -908,7 +911,8 @@ pw_gidpolicy(struct userconf * cnf, struct cargs * args, char *nam, gid_t prefer errx(EX_NOUSER, "group `%s' is not defined", a_gid->val); } gid = grp->gr_gid; - } else if ((grp = GETGRNAM(nam)) != NULL && grp->gr_mem[0] == NULL) { + } else if ((grp = GETGRNAM(nam)) != NULL && + (grp->gr_mem == NULL || grp->gr_mem[0] == NULL)) { gid = grp->gr_gid; /* Already created? Use it anyway... */ } else { struct cargs grpargs; @@ -1182,14 +1186,16 @@ print_user(struct passwd * pwd, int pretty, int v7) while ((grp=GETGRENT()) != NULL) { int i = 0; - while (grp->gr_mem[i] != NULL) - { - if (strcmp(grp->gr_mem[i], pwd->pw_name)==0) + if (grp->gr_mem != NULL) { + while (grp->gr_mem[i] != NULL) { - printf(j++ == 0 ? " Groups: %s" : ",%s", grp->gr_name); - break; + if (strcmp(grp->gr_mem[i], pwd->pw_name)==0) + { + printf(j++ == 0 ? " Groups: %s" : ",%s", grp->gr_name); + break; + } + ++i; } - ++i; } } ENDGRENT(); -- cgit v1.2.3-56-ge451 From 97bfa6215d5ae5deb9257bae5f2b8ef8e5ad058e Mon Sep 17 00:00:00 2001 From: Devin Teske Date: Thu, 13 Mar 2014 18:16:42 +0000 Subject: Fix pw(8) deletion of group "username" on userdel even if group "username" is not associated with user "username". E.g., user "foo" has primary group "wheel" and is unassociated with group "foo", yet userdel would delete the group "foo" when deleting user "foo" (despite the fact that user "foo" is not associated with group "foo" in any way). Patch committed with minor style(9) changes. PR: bin/169471 Submitted by: Alexander Pyhalov --- pw/pw_user.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'pw') diff --git a/pw/pw_user.c b/pw/pw_user.c index e49de18..4b3f550 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -380,6 +380,8 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args) char file[MAXPATHLEN]; char home[MAXPATHLEN]; uid_t uid = pwd->pw_uid; + struct group *gr; + char grname[LOGNAMESIZE]; if (strcmp(pwd->pw_name, "root") == 0) errx(EX_DATAERR, "cannot remove user 'root'"); @@ -406,6 +408,11 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args) */ sprintf(file, "%s/%s", _PATH_MAILDIR, pwd->pw_name); strlcpy(home, pwd->pw_dir, sizeof(home)); + gr = GETGRGID(pwd->pw_gid); + if (gr != NULL) + strlcpy(grname, gr->gr_name, LOGNAMESIZE); + else + grname[0] = '\0'; rc = delpwent(pwd); if (rc == -1) @@ -426,7 +433,8 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args) grp = GETGRNAM(a_name->val); if (grp != NULL && - (grp->gr_mem == NULL || *grp->gr_mem == NULL)) + (grp->gr_mem == NULL || *grp->gr_mem == NULL) && + strcmp(a_name->val, grname) == 0) delgrent(GETGRNAM(a_name->val)); SETGRENT(); while ((grp = GETGRENT()) != NULL) { -- cgit v1.2.3-56-ge451