diff options
| author | imp <imp@FreeBSD.org> | 1999-12-21 19:30:09 +0000 |
|---|---|---|
| committer | imp <imp@FreeBSD.org> | 1999-12-21 19:30:09 +0000 |
| commit | cef06dff8305c528a20e19f7d485a8cad5a9d401 (patch) | |
| tree | 1ba555fa4d1b7a179cc4ef344ddabc08e0b1024a /usr.bin/chpass | |
| parent | 8d5394b21b820c25cfe6115b5fa3c5b878750762 (diff) | |
| download | FreeBSD-src-cef06dff8305c528a20e19f7d485a8cad5a9d401.zip FreeBSD-src-cef06dff8305c528a20e19f7d485a8cad5a9d401.tar.gz | |
Extra sanity checks in information from file edited by user. This
precludes using chfn, et al, to generate a divot in /etc.
Submitted by: Lukasz Luzar
Forgotten about for months by: imp
Diffstat (limited to 'usr.bin/chpass')
| -rw-r--r-- | usr.bin/chpass/edit.c | 32 |
1 files changed, 16 insertions, 16 deletions
diff --git a/usr.bin/chpass/edit.c b/usr.bin/chpass/edit.c index cfb9513..a8c5cc2 100644 --- a/usr.bin/chpass/edit.c +++ b/usr.bin/chpass/edit.c @@ -140,33 +140,33 @@ display(fd, pw) bp = pw->pw_gecos; p = strsep(&bp, ","); - if (p) - list[E_NAME].save = strdup(p); + p = strdup(p ? p : ""); + list[E_NAME].save = p; if (!list[E_NAME].restricted || !uid) - (void)fprintf(fp, "Full Name: %s\n", p ? p : ""); + (void)fprintf(fp, "Full Name: %s\n", p); p = strsep(&bp, ","); - if (p) - list[E_LOCATE].save = strdup(p); + p = strdup(p ? p : ""); + list[E_LOCATE].save = p; if (!list[E_LOCATE].restricted || !uid) - (void)fprintf(fp, "Office Location: %s\n", p ? p : ""); + (void)fprintf(fp, "Office Location: %s\n", p); p = strsep(&bp, ","); - if (p) - list[E_BPHONE].save = strdup(p); + p = strdup(p ? p : ""); + list[E_BPHONE].save = p; if (!list[E_BPHONE].restricted || !uid) - (void)fprintf(fp, "Office Phone: %s\n", p ? p : ""); + (void)fprintf(fp, "Office Phone: %s\n", p); p = strsep(&bp, ","); - if (p) - list[E_HPHONE].save = strdup(p); + p = strdup(p ? p : ""); + list[E_HPHONE].save = p; if (!list[E_HPHONE].restricted || !uid) - (void)fprintf(fp, "Home Phone: %s\n", p ? p : ""); + (void)fprintf(fp, "Home Phone: %s\n", p); - if (bp!=NULL) - list[E_OTHER].save = strdup(bp); + bp = strdup(bp ? bp : ""); + list[E_OTHER].save = bp; if (!list[E_OTHER].restricted || !uid) - (void)fprintf(fp, "Other information: %s\n", bp ? bp : ""); + (void)fprintf(fp, "Other information: %s\n", bp); (void)fchown(fd, getuid(), getgid()); (void)fclose(fp); @@ -237,7 +237,7 @@ bad: (void)fclose(fp); /* Build the gecos field. */ len = strlen(list[E_NAME].save) + strlen(list[E_BPHONE].save) + strlen(list[E_HPHONE].save) + strlen(list[E_LOCATE].save) + - strlen(list[E_OTHER].save) + 4; + strlen(list[E_OTHER].save) + 5; if (!(p = malloc(len))) err(1, NULL); (void)sprintf(pw->pw_gecos = p, "%s,%s,%s,%s,%s", list[E_NAME].save, |
