Overview

File shadow-4.6.0-fix-usermod-prefix-crash.patch of Package shadow.12022

Bug: https://github.com/shadow-maint/shadow/issues/110
Containing following two fixes.

From 73a876a05612c278da747faeaeea40c3b8d34a53 Mon Sep 17 00:00:00 2001
From: fariouche <fariouche@yahoo.fr>
Date: Tue, 8 May 2018 21:17:46 -0500
Subject: [PATCH 1/2] Fix usermod crash

Return newly allocated pointers when the caller will free them.

Closes #110
---
 libmisc/prefix_flag.c |  2 +-
 src/usermod.c         | 10 ++++++----
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/libmisc/prefix_flag.c b/libmisc/prefix_flag.c
index 6581235e..8ceffd26 100644
--- a/libmisc/prefix_flag.c
+++ b/libmisc/prefix_flag.c
@@ -333,7 +333,7 @@ extern struct group *prefix_getgr_nam_gid(const char *grname)
 	    	&& (gid == (gid_t)gid)) {
 			return prefix_getgrgid ((gid_t) gid);
 		}
-		return prefix_getgrnam (grname);
+		return __gr_dup(prefix_getgrnam (grname));
 	}
 	else
 		return getgr_nam_gid(grname);
diff --git a/src/usermod.c b/src/usermod.c
index e571426f..7355ad31 100644
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -1251,11 +1251,13 @@ static void process_flags (int argc, char **argv)
 		prefix_user_home = xmalloc(len);
 		wlen = snprintf(prefix_user_home, len, "%s/%s", prefix, user_home);
 		assert (wlen == (int) len -1);
+		if (user_newhome) {
+			len = strlen(prefix) + strlen(user_newhome) + 2;
+			prefix_user_newhome = xmalloc(len);
+			wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
+			assert (wlen == (int) len -1);
+		}
 
-		len = strlen(prefix) + strlen(user_newhome) + 2;
-		prefix_user_newhome = xmalloc(len);
-		wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
-		assert (wlen == (int) len -1);
 	}
 	else {
 		prefix_user_home = user_home;

From 48dcf7852e51b9d8e7926737cc7f7823978b7d7d Mon Sep 17 00:00:00 2001
From: Serge Hallyn <shallyn@cisco.com>
Date: Tue, 8 May 2018 21:37:55 -0500
Subject: [PATCH 2/2] usermod: prevent a segv

in the case where prefix does not exist.

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
---
 libmisc/prefix_flag.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libmisc/prefix_flag.c b/libmisc/prefix_flag.c
index 8ceffd26..96b11faa 100644
--- a/libmisc/prefix_flag.c
+++ b/libmisc/prefix_flag.c
@@ -319,6 +319,7 @@ extern struct group *prefix_getgr_nam_gid(const char *grname)
 {
 	long long int gid;
 	char *endptr;
+	struct group *g;
 
 	if (NULL == grname) {
 		return NULL;
@@ -333,7 +334,8 @@ extern struct group *prefix_getgr_nam_gid(const char *grname)
 	    	&& (gid == (gid_t)gid)) {
 			return prefix_getgrgid ((gid_t) gid);
 		}
-		return __gr_dup(prefix_getgrnam (grname));
+		g = prefix_getgrnam (grname);
+		return g ? __gr_dup(g) : NULL;
 	}
 	else
 		return getgr_nam_gid(grname);
openSUSE Build Service is sponsored by
Places