From 15d3ceac1979629648a7e3eaf5711217ee870fdc Mon Sep 17 00:00:00 2001 From: Julian Elischer Date: Thu, 6 Mar 2014 19:26:08 +0000 Subject: Stop pw(8) from segfaulting when given certain input PR:187310 Submitted by: Kim Shrier Obtained from: bug MFC after: 1 week --- pw/pw_group.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) (limited to 'pw') diff --git a/pw/pw_group.c b/pw/pw_group.c index 3259412..391e477 100644 --- a/pw/pw_group.c +++ b/pw/pw_group.c @@ -227,10 +227,12 @@ pw_group(struct userconf * cnf, int mode, struct cargs * args) else if (arg->ch == 'm') { int k = 0; - while (grp->gr_mem[k] != NULL) { - if (extendarray(&members, &grmembers, i + 2) != -1) - members[i++] = grp->gr_mem[k]; - k++; + if (grp->gr_mem != NULL) { + while (grp->gr_mem[k] != NULL) { + if (extendarray(&members, &grmembers, i + 2) != -1) + members[i++] = grp->gr_mem[k]; + k++; + } } } @@ -311,6 +313,9 @@ delete_members(char ***members, int *grmembers, int *i, struct carg *arg, int k; struct passwd *pwd; + if (grp->gr_mem == NULL) + return; + k = 0; while (grp->gr_mem[k] != NULL) { matchFound = false; @@ -415,8 +420,10 @@ print_group(struct group * grp, int pretty) printf("Group Name: %-15s #%lu\n" " Members: ", grp->gr_name, (long) grp->gr_gid); - for (i = 0; grp->gr_mem[i]; i++) - printf("%s%s", i ? "," : "", grp->gr_mem[i]); + if (grp->gr_mem != NULL) { + for (i = 0; grp->gr_mem[i]; i++) + printf("%s%s", i ? "," : "", grp->gr_mem[i]); + } fputs("\n\n", stdout); } return EXIT_SUCCESS; -- cgit v1.2.3-56-ge451 From 889d60cc0abedae41354ac84f92cbbb60cc1d5d7 Mon Sep 17 00:00:00 2001 From: Julian Elischer Date: Thu, 6 Mar 2014 19:58:03 +0000 Subject: Part 2 of bug 187310.. had to commit separately due to local confusion. Don't let pw crash when give certain input. PR: 187310 Submitted by: Kim Shrier MFC after: 1 week --- pw/pw_user.c | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) (limited to 'pw') diff --git a/pw/pw_user.c b/pw/pw_user.c index def238c..e49de18 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -425,19 +425,22 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args) } grp = GETGRNAM(a_name->val); - if (grp != NULL && *grp->gr_mem == NULL) + if (grp != NULL && + (grp->gr_mem == NULL || *grp->gr_mem == NULL)) delgrent(GETGRNAM(a_name->val)); SETGRENT(); while ((grp = GETGRENT()) != NULL) { int i; char group[MAXLOGNAME]; - for (i = 0; grp->gr_mem[i] != NULL; i++) { - if (!strcmp(grp->gr_mem[i], a_name->val)) { - while (grp->gr_mem[i] != NULL) { - grp->gr_mem[i] = grp->gr_mem[i+1]; - } - strlcpy(group, grp->gr_name, MAXLOGNAME); - chggrent(group, grp); + if (grp->gr_mem != NULL) { + for (i = 0; grp->gr_mem[i] != NULL; i++) { + if (!strcmp(grp->gr_mem[i], a_name->val)) { + while (grp->gr_mem[i] != NULL) { + grp->gr_mem[i] = grp->gr_mem[i+1]; + } + strlcpy(group, grp->gr_name, MAXLOGNAME); + chggrent(group, grp); + } } } } @@ -908,7 +911,8 @@ pw_gidpolicy(struct userconf * cnf, struct cargs * args, char *nam, gid_t prefer errx(EX_NOUSER, "group `%s' is not defined", a_gid->val); } gid = grp->gr_gid; - } else if ((grp = GETGRNAM(nam)) != NULL && grp->gr_mem[0] == NULL) { + } else if ((grp = GETGRNAM(nam)) != NULL && + (grp->gr_mem == NULL || grp->gr_mem[0] == NULL)) { gid = grp->gr_gid; /* Already created? Use it anyway... */ } else { struct cargs grpargs; @@ -1182,14 +1186,16 @@ print_user(struct passwd * pwd, int pretty, int v7) while ((grp=GETGRENT()) != NULL) { int i = 0; - while (grp->gr_mem[i] != NULL) - { - if (strcmp(grp->gr_mem[i], pwd->pw_name)==0) + if (grp->gr_mem != NULL) { + while (grp->gr_mem[i] != NULL) { - printf(j++ == 0 ? " Groups: %s" : ",%s", grp->gr_name); - break; + if (strcmp(grp->gr_mem[i], pwd->pw_name)==0) + { + printf(j++ == 0 ? " Groups: %s" : ",%s", grp->gr_name); + break; + } + ++i; } - ++i; } } ENDGRENT(); -- cgit v1.2.3-56-ge451 From e6492afede9f8b4ea72e5f914d52ca1caf8d65b6 Mon Sep 17 00:00:00 2001 From: Devin Teske Date: Thu, 13 Mar 2014 18:16:42 +0000 Subject: Fix pw(8) deletion of group "username" on userdel even if group "username" is not associated with user "username". E.g., user "foo" has primary group "wheel" and is unassociated with group "foo", yet userdel would delete the group "foo" when deleting user "foo" (despite the fact that user "foo" is not associated with group "foo" in any way). Patch committed with minor style(9) changes. PR: bin/169471 Submitted by: Alexander Pyhalov --- pw/pw_user.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'pw') diff --git a/pw/pw_user.c b/pw/pw_user.c index e49de18..4b3f550 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -380,6 +380,8 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args) char file[MAXPATHLEN]; char home[MAXPATHLEN]; uid_t uid = pwd->pw_uid; + struct group *gr; + char grname[LOGNAMESIZE]; if (strcmp(pwd->pw_name, "root") == 0) errx(EX_DATAERR, "cannot remove user 'root'"); @@ -406,6 +408,11 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args) */ sprintf(file, "%s/%s", _PATH_MAILDIR, pwd->pw_name); strlcpy(home, pwd->pw_dir, sizeof(home)); + gr = GETGRGID(pwd->pw_gid); + if (gr != NULL) + strlcpy(grname, gr->gr_name, LOGNAMESIZE); + else + grname[0] = '\0'; rc = delpwent(pwd); if (rc == -1) @@ -426,7 +433,8 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args) grp = GETGRNAM(a_name->val); if (grp != NULL && - (grp->gr_mem == NULL || *grp->gr_mem == NULL)) + (grp->gr_mem == NULL || *grp->gr_mem == NULL) && + strcmp(a_name->val, grname) == 0) delgrent(GETGRNAM(a_name->val)); SETGRENT(); while ((grp = GETGRENT()) != NULL) { -- cgit v1.2.3-56-ge451