CVS commit: src/usr.bin/su

Fri, 24 Mar 2023 09:58:39 -0700 

Module Name:    src
Committed By:   kre
Date:           Fri Mar 24 16:58:24 UTC 2023

Modified Files:
        src/usr.bin/su: su.c su_pam.c

Log Message:
After a ':' (as in login:group or just :group) insist that there
actually be a group name (of some form, don't care what) present.


To generate a diff of this commit:
cvs rdiff -u -r1.74 -r1.75 src/usr.bin/su/su.c
cvs rdiff -u -r1.23 -r1.24 src/usr.bin/su/su_pam.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/usr.bin/su/su.c
diff -u src/usr.bin/su/su.c:1.74 src/usr.bin/su/su.c:1.75
--- src/usr.bin/su/su.c:1.74	Sat Oct 30 11:25:30 2021
+++ src/usr.bin/su/su.c	Fri Mar 24 16:58:24 2023
@@ -1,4 +1,4 @@
-/*	$NetBSD: su.c,v 1.74 2021/10/30 11:25:30 nia Exp $	*/
+/*	$NetBSD: su.c,v 1.75 2023/03/24 16:58:24 kre Exp $	*/
 
 /*
  * Copyright (c) 1988 The Regents of the University of California.
@@ -39,7 +39,7 @@ __COPYRIGHT("@(#) Copyright (c) 1988\
 #if 0
 static char sccsid[] = "@(#)su.c	8.3 (Berkeley) 4/2/94";*/
 #else
-__RCSID("$NetBSD: su.c,v 1.74 2021/10/30 11:25:30 nia Exp $");
+__RCSID("$NetBSD: su.c,v 1.75 2023/03/24 16:58:24 kre Exp $");
 #endif
 #endif /* not lint */
 
@@ -210,8 +210,9 @@ main(int argc, char **argv)
 	if ((p = strchr(user, ':')) != NULL) {
 		*p = '\0';
 		gname = ++p;
-	}
-	else
+		if (*gname == '\0')
+			errx(EXIT_FAILURE, "missing 'group' after ':'");
+	} else
 		gname = NULL;
 
 #ifdef ALLOW_EMPTY_USER

Index: src/usr.bin/su/su_pam.c
diff -u src/usr.bin/su/su_pam.c:1.23 src/usr.bin/su/su_pam.c:1.24
--- src/usr.bin/su/su_pam.c:1.23	Sat Nov 27 22:16:42 2021
+++ src/usr.bin/su/su_pam.c	Fri Mar 24 16:58:24 2023
@@ -1,4 +1,4 @@
-/*	$NetBSD: su_pam.c,v 1.23 2021/11/27 22:16:42 rillig Exp $	*/
+/*	$NetBSD: su_pam.c,v 1.24 2023/03/24 16:58:24 kre Exp $	*/
 
 /*
  * Copyright (c) 1988 The Regents of the University of California.
@@ -39,7 +39,7 @@ __COPYRIGHT("@(#) Copyright (c) 1988\
 #if 0
 static char sccsid[] = "@(#)su.c	8.3 (Berkeley) 4/2/94";*/
 #else
-__RCSID("$NetBSD: su_pam.c,v 1.23 2021/11/27 22:16:42 rillig Exp $");
+__RCSID("$NetBSD: su_pam.c,v 1.24 2023/03/24 16:58:24 kre Exp $");
 #endif
 #endif /* not lint */
 
@@ -204,8 +204,9 @@ main(int argc, char **argv)
 	if ((p = strchr(user, ':')) != NULL) {
 		*p = '\0';
 		gname = ++p;
-	}
-	else
+		if (*gname == '\0')
+			errx(EXIT_FAILURE, "missing 'group' after ':'");
+	} else
 		gname = NULL;
 
 #ifdef ALLOW_EMPTY_USER

Reply via email to