Merged, thanks!
Justus
Quoting James Clarke (2015-09-29 19:06:46)
> The getpwnam_r and similar functions only return non-zero on error, but not
> finding the given name/UID/GID does not count as an error. When they return 0,
> the value of the result (*result when looking at the arguments in the man
> pages)
> still needs to be checked for null.
>
> * libshouldbeinlibc/idvec-rep.c (lookup_uid): Check result for null.
> (lookup_gid): Likewise.
> * libshouldbeinlibc/idvec-verify.c (verify_passwd): Likewise.
> (verify_id): Likewise.
> ---
> libshouldbeinlibc/idvec-rep.c| 4 ++--
> libshouldbeinlibc/idvec-verify.c | 7 ---
> 2 files changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/libshouldbeinlibc/idvec-rep.c b/libshouldbeinlibc/idvec-rep.c
> index 16408a4..4fc7712 100644
> --- a/libshouldbeinlibc/idvec-rep.c
> +++ b/libshouldbeinlibc/idvec-rep.c
> @@ -129,7 +129,7 @@ lookup_uid (uid_t uid)
> {
>char buf[1024];
>struct passwd _pw, *pw;
> - if (getpwuid_r (uid, &_pw, buf, sizeof buf, &pw) == 0)
> + if (getpwuid_r (uid, &_pw, buf, sizeof buf, &pw) == 0 && pw)
> return strdup (pw->pw_name);
>else
> return 0;
> @@ -141,7 +141,7 @@ lookup_gid (gid_t gid)
> {
>char buf[1024];
>struct group _gr, *gr;
> - if (getgrgid_r (gid, &_gr, buf, sizeof buf, &gr) == 0)
> + if (getgrgid_r (gid, &_gr, buf, sizeof buf, &gr) == 0 && gr)
> return strdup (gr->gr_name);
>else
> return 0;
> diff --git a/libshouldbeinlibc/idvec-verify.c
> b/libshouldbeinlibc/idvec-verify.c
> index 4d9b6db..4019a04 100644
> --- a/libshouldbeinlibc/idvec-verify.c
> +++ b/libshouldbeinlibc/idvec-verify.c
> @@ -107,7 +107,8 @@ verify_passwd (const char *password,
> return pw->pw_passwd;
> }
>
> - if (getpwuid_r (wheel_uid, &_pw, lookup_buf, sizeof lookup_buf, &pw))
> + if (getpwuid_r (wheel_uid, &_pw, lookup_buf, sizeof lookup_buf, &pw)
> + || ! pw)
> return errno ?: EINVAL;
>
>sys_encrypted = check_shadow (pw);
> @@ -266,7 +267,7 @@ verify_id (uid_t id, int is_group, int multiple,
> {
> struct group _gr, *gr;
> if (getgrgid_r (id, &_gr, id_lookup_buf, sizeof id_lookup_buf,
> &gr)
> - == 0)
> + == 0 && gr)
> {
> if (!gr->gr_passwd || !*gr->gr_passwd)
> return (*verify_fn) ("", id, 1, gr, verify_hook);
> @@ -278,7 +279,7 @@ verify_id (uid_t id, int is_group, int multiple,
> {
> struct passwd _pw, *pw;
> if (getpwuid_r (id, &_pw, id_lookup_buf, sizeof id_lookup_buf,
> &pw)
> - == 0)
> + == 0 && pw)
> {
> if (strcmp (pw->pw_passwd, SHADOW_PASSWORD_STRING) == 0)
> {
> --
> 2.5.3
>
>
signature.asc
Description: signature