diff options
author | delphij <delphij@FreeBSD.org> | 2015-10-30 00:46:52 +0000 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2015-10-30 00:46:52 +0000 |
commit | 2e85b00467edc593503fb6ee01981901f19adaf4 (patch) | |
tree | cde7f2bf4e1c6d77b7c098c1adfacaec6b5e3502 /usr.sbin | |
parent | 870b3ee349e23cb7a48b791f36868f7112e397b3 (diff) | |
download | FreeBSD-src-2e85b00467edc593503fb6ee01981901f19adaf4.zip FreeBSD-src-2e85b00467edc593503fb6ee01981901f19adaf4.tar.gz |
In pw_userlock, set 'name' to NULL when we encounter an all number string
because it is also used as an indicator of whether a name or an UID is
being used and we may have undefined results as 'name' may contain
uninitialized stack contents.
MFC after: 2 weeks
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/pw/pw_user.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/usr.sbin/pw/pw_user.c b/usr.sbin/pw/pw_user.c index 345f642..5c168ab 100644 --- a/usr.sbin/pw/pw_user.c +++ b/usr.sbin/pw/pw_user.c @@ -282,9 +282,10 @@ pw_userlock(char *arg1, int mode) if (arg1 == NULL) errx(EX_DATAERR, "username or id required"); - if (arg1[strspn(arg1, "0123456789")] == '\0') + if (arg1[strspn(arg1, "0123456789")] == '\0') { id = pw_checkid(arg1, UID_MAX); - else + name = NULL; + } else name = arg1; pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); |