diff options
| author | delphij <delphij@FreeBSD.org> | 2015-11-15 07:14:17 +0000 |
|---|---|---|
| committer | delphij <delphij@FreeBSD.org> | 2015-11-15 07:14:17 +0000 |
| commit | 2222968ca1ef3755448527615b71a84651b030c6 (patch) | |
| tree | 43f4f7a981cd71c5e1ff33cace172d71bcdb6f83 /usr.sbin | |
| parent | 0db8d82692016343cf9a13f56f572760ad63ceea (diff) | |
| download | FreeBSD-src-2222968ca1ef3755448527615b71a84651b030c6.zip FreeBSD-src-2222968ca1ef3755448527615b71a84651b030c6.tar.gz | |
MFC r290174:
In pw_userlock, set 'name' to NULL when we encounter an all number string
because it is also used as an indicator of whether a name or an UID is
being used and we may have undefined results as 'name' may contain
uninitialized stack contents.
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/pw/pw_user.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/usr.sbin/pw/pw_user.c b/usr.sbin/pw/pw_user.c index f133147..ed99186 100644 --- a/usr.sbin/pw/pw_user.c +++ b/usr.sbin/pw/pw_user.c @@ -280,9 +280,10 @@ pw_userlock(char *arg1, int mode) if (arg1 == NULL) errx(EX_DATAERR, "username or id required"); - if (arg1[strspn(arg1, "0123456789")] == '\0') + if (arg1[strspn(arg1, "0123456789")] == '\0') { id = pw_checkid(arg1, UID_MAX); - else + name = NULL; + } else name = arg1; pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); |
