From 2bf8d53a14b0b38788407982e63e84cefabca4bd Mon Sep 17 00:00:00 2001 From: thomas Date: Mon, 4 Sep 2006 15:09:21 +0000 Subject: (pw_copy): Handle the case of a malformed line in master.passwd (copy it silently, do not dereference NULL pointer). PR: bin/102848 Reviewed by: security-officer (cperciva) MFC after: 1 week --- lib/libutil/pw_util.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'lib/libutil/pw_util.c') diff --git a/lib/libutil/pw_util.c b/lib/libutil/pw_util.c index 90c9d72..6d372c0 100644 --- a/lib/libutil/pw_util.c +++ b/lib/libutil/pw_util.c @@ -481,13 +481,22 @@ pw_copy(int ffd, int tfd, const struct passwd *pw, struct passwd *old_pw) } /* is it the one we're looking for? */ + t = *q; *q = '\0'; + fpw = pw_scan(r, PWSCAN_MASTER); + + /* + * fpw is either the struct password for the current line, + * or NULL if the line is malformed. + */ + *q = t; - if (strcmp(fpw->pw_name, pw->pw_name) != 0) { + if (fpw == NULL || strcmp(fpw->pw_name, pw->pw_name) != 0) { /* nope */ - free(fpw); + if (fpw != NULL) + free(fpw); if (write(tfd, p, q - p + 1) != q - p + 1) goto err; ++q; -- cgit v1.1