Package: chntpw
Severity: normal
Dear Maintainer,
I have discovered that the utility chntpw fails to parse its
command line on an AArch64 machine, e.g. ,the following
invocation
# chntpw -l SAM
in the directory Windows/System32/config of a volume
that contains a Windows installation prints the usage
help instead of the user list.
This happens because command line parsing in chntpw
assumes that char is signed that is not true on the AArch64
platform. The attached patch fixes the issue.
-- System Information:
Debian Release: 13.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: arm64 (aarch64)
Kernel: Linux 6.12.33+deb13-arm64 (SMP w/4 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--
Sincerely yours,
Al Korv
>From 894257a31dc739062ecc720e8cd002698f03ffee Mon Sep 17 00:00:00 2001
From: Al Korv <[email protected]>
Date: Sat, 26 Jul 2025 12:44:04 +0000
Subject: [PATCH] Fix command line parsing in chntpw
chntpw assigns the return value of getopt() to the variable of type
char and then compares it with 0 to determine when to stop parsing
the command line options. However, it's implementation-defined whether
char is signed thus the the program is not portable; if char is unsigned
and getopt() returns -1, then the value is interpreted as 255 thus the
comparison with 0 doesn't break the command line parsing loop and the
inner switch statement interprets this value as an unknown option and
terminates the program.
The patch fixes the problem by assigning the return value of getopt()
to the variable of type int.
---
chntpw.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/chntpw.c b/chntpw.c
index 64296ee..234cf33 100644
--- a/chntpw.c
+++ b/chntpw.c
@@ -1026,7 +1026,8 @@ int main(int argc, char **argv)
int mode = HMODE_INFO;
extern int /* opterr, */ optind;
extern char* optarg;
- char *filename,c;
+ char *filename;
+ int c;
char *who = "Administrator";
char iwho[100];
FILE *ch; /* Write out names of touched files to this */
--
2.43.0
