The branch main has been updated by bapt: URL: https://cgit.FreeBSD.org/src/commit/?id=13f4a37b536b60d559c766b3ec4f2d5d25279ea3
commit 13f4a37b536b60d559c766b3ec4f2d5d25279ea3 Author: Baptiste Daroussin <[email protected]> AuthorDate: 2026-06-04 22:12:24 +0000 Commit: Baptiste Daroussin <[email protected]> CommitDate: 2026-06-05 06:01:24 +0000 pw: fix uninitialized name pointer in pw_group_del The 'name' variable could be left uninitialized if neither the positional argument nor -n is supplied, leading to undefined behavior when passed to getgroup(). --- usr.sbin/pw/pw_group.c | 2 +- usr.sbin/pw/tests/pw_groupdel_test.sh | 16 +++++++++++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/usr.sbin/pw/pw_group.c b/usr.sbin/pw/pw_group.c index 1941c03aa2c5..2840e972af59 100644 --- a/usr.sbin/pw/pw_group.c +++ b/usr.sbin/pw/pw_group.c @@ -367,7 +367,7 @@ pw_group_del(int argc, char **argv, char *arg1) { struct userconf *cnf = NULL; struct group *grp = NULL; - char *name; + char *name = NULL; const char *cfg = NULL; intmax_t id = -1; int ch, rc; diff --git a/usr.sbin/pw/tests/pw_groupdel_test.sh b/usr.sbin/pw/tests/pw_groupdel_test.sh index fa51b3814205..0fb5651944f3 100755 --- a/usr.sbin/pw/tests/pw_groupdel_test.sh +++ b/usr.sbin/pw/tests/pw_groupdel_test.sh @@ -18,6 +18,20 @@ group_do_not_delete_wheel_if_group_unknown_body() { } +atf_test_case group_delete_by_gid cleanup +group_delete_by_gid_head() { + atf_set "descr" "Test deleting a group by gid without providing a name" +} +group_delete_by_gid_body() { + populate_etc_skel + ${PW} groupadd testgroup -g 1000 || atf_fail "Creating test group" + atf_check -s exit:0 -o inline:"testgroup:*:1000:\n" \ + -x ${PW} groupshow 1000 + ${PW} groupdel -g 1000 || atf_fail "Deleting group by gid" +} + + atf_init_test_cases() { - atf_add_test_case group_do_not_delete_wheel_if_group_unknown + atf_add_test_case group_do_not_delete_wheel_if_group_unknown + atf_add_test_case group_delete_by_gid }
