Author: delphij
Date: Fri Oct 30 00:46:52 2015
New Revision: 290174
URL: https://svnweb.freebsd.org/changeset/base/290174

Log:
  In pw_userlock, set 'name' to NULL when we encounter an all number string
  because it is also used as an indicator of whether a name or an UID is
  being used and we may have undefined results as 'name' may contain
  uninitialized stack contents.
  
  MFC after:    2 weeks

Modified:
  head/usr.sbin/pw/pw_user.c

Modified: head/usr.sbin/pw/pw_user.c
==============================================================================
--- head/usr.sbin/pw/pw_user.c  Fri Oct 30 00:33:03 2015        (r290173)
+++ head/usr.sbin/pw/pw_user.c  Fri Oct 30 00:46:52 2015        (r290174)
@@ -282,9 +282,10 @@ pw_userlock(char *arg1, int mode)
        if (arg1 == NULL)
                errx(EX_DATAERR, "username or id required");
 
-       if (arg1[strspn(arg1, "0123456789")] == '\0')
+       if (arg1[strspn(arg1, "0123456789")] == '\0') {
                id = pw_checkid(arg1, UID_MAX);
-       else
+               name = NULL;
+       } else
                name = arg1;
 
        pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id);
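Review bot: In the `if`/`else` above, `name` doubles as the name-versus-UID discriminator for the `(name != NULL) ? GETPWNAM(...) : GETPWUID(id)` lookup, so it is only safe while every branch remembers to assign it. Initializing both `name` and `id` where they are declared (outside this hunk) would keep a later added branch from reintroducing the uninitialized read, and a short comment at the assignment saying that NULL means "look up by UID" would document the convention. Separately, the test `arg1[strspn(arg1, "0123456789")] == '\0'` is also true for an empty string, so an empty `arg1` takes the numeric branch and is handed to `pw_checkid`. Whether `pw_checkid` rejects it is not visible here, so an explicit `arg1[0] != '\0'` check alongside the existing NULL check would make the intent clear.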
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
