Date:      Sat, 5 Apr 1997 19:17:37 +0200 (CEST)
From:      blank@fox.uni-trier.de
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   bin/3206: FreeBSD 2.2-STABLE: su seg-faults on invalid command line
Message-ID:  <199704051717.TAA20407@sliphost37.uni-trier.de>
Resent-Message-ID: <199704051730.JAA17959@freefall.freebsd.org>


>Number:         3206
>Category:       bin
>Synopsis:       su seg-faults when being invoked with an invalid command line
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Apr  5 09:30:00 PST 1997
>Last-Modified:
>Originator:     Sascha Blank
>Organization:
Computer Center of the University of Trier, Germany
>Release:        FreeBSD 2.2-STABLE i386
>Environment:

FreeBSD 2.2-STABLE, current as of ctm-src-2.2 #0226

ident /usr/src/usr.bin/su/su.c says:

    $Id: su.c,v 1.14.2.1 1997/03/07 09:01:23 joerg Exp $

>Description:

Calling su with an invalid command line like this one

	su --

or this one

	su --m

makes su quit with a segmentation fault:

Apr  5 19:00:56 sliphost37 /kernel: pid 20268 (su), uid 0: exited on signal 11

>How-To-Repeat:

See above.

>Fix:

The reason for the fault is easy to find. The variable "user" is supposed
to hold the user name given on the command line (or "root" if none is
given). In case of an invalid argument like above "user" is set to NULL,
which will later make the "getpwnam(user)"-call fail.

My little diff below fixes this problem by explicitly checking if "user"
has been set to NULL. If so, it makes the program show "usage..." and
exit properly.


*** su.c.CURRENT	Sat Apr  5 18:55:03 1997
--- su.c	Sat Apr  5 19:06:21 1997
***************
*** 137,142 ****
--- 137,148 ----
  		break;
  	    }
  
+ 	if(user == NULL) {
+ 	    (void)fprintf(stderr, "usage: su [%s] [login]\n",
+ 		          ARGSTR);
+ 	    exit(1);
+ 	}
+ 
  	if((nargv = malloc (sizeof (char *) * (argc + 4))) == NULL) {
  	    errx(1, "malloc failure");
  	}
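
Review bot: the new `if(user == NULL)` test at 137-148 also fires for plain `su --`, where no login was given and the description says "user" should hold "root" in that case; consider falling back to the default there and keeping the usage exit for arguments such as `--m`. The block has no comment explaining how "user" can still be NULL after the option loop, which is the one thing a later reader needs to know before touching it. Style: `if(` is written without a space while the `malloc (` call in the following context line has one, and if su.c prints this usage string anywhere else, both should go through a single helper so the text cannot drift.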

--
             Sascha Blank - mailto:blank@fox.uni-trier.de
  Student and System Administrator at the University of Trier, Germany
            Finger my account to receive my Public PGP key
   I don't speak for my employers, they don't pay me enough for that.
>Audit-Trail:
>Unformatted:


