Date: Tue, 7 Jul 2015 21:05:21 +0000 (UTC) From: Baptiste Daroussin <bapt@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r285256 - in head/usr.sbin/pw: . tests Message-ID: <201507072105.t67L5Lwh015226@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: bapt Date: Tue Jul 7 21:05:20 2015 New Revision: 285256 URL: https://svnweb.freebsd.org/changeset/base/285256 Log: pw: fail if an invalid entry is found while parsing master.passwd and group PR: 198554 Reported by: diaran <fbsd@centraltech.co.uk> MFC after: 2 days Modified: head/usr.sbin/pw/pw_vpw.c head/usr.sbin/pw/tests/pw_useradd.sh Modified: head/usr.sbin/pw/pw_vpw.c ============================================================================== --- head/usr.sbin/pw/pw_vpw.c Tue Jul 7 20:36:48 2015 (r285255) +++ head/usr.sbin/pw/pw_vpw.c Tue Jul 7 21:05:20 2015 (r285256) @@ -38,6 +38,7 @@ static const char rcsid[] = #include <string.h> #include <stdlib.h> #include <sys/param.h> +#include <err.h> #include "pwupd.h" @@ -80,6 +81,9 @@ vnextpwent(char const *nam, uid_t uid, i if (line[linelen - 1 ] == '\n') line[linelen - 1] = '\0'; pw = pw_scan(line, PWSCAN_MASTER); + if (pw == NULL) + errx(EXIT_FAILURE, "Invalid user entry in '%s':" + " '%s'", getpwpath(_MASTERPASSWD), line); if (uid != (uid_t)-1) { if (uid == pw->pw_uid) break; @@ -160,6 +164,9 @@ vnextgrent(char const *nam, gid_t gid, i if (line[linelen - 1 ] == '\n') line[linelen - 1] = '\0'; gr = gr_scan(line); + if (gr == NULL) + errx(EXIT_FAILURE, "Invalid group entry in '%s':" + " '%s'", getgrpath(_GROUP), line); if (gid != (gid_t)-1) { if (gid == gr->gr_gid) break; Modified: head/usr.sbin/pw/tests/pw_useradd.sh ============================================================================== --- head/usr.sbin/pw/tests/pw_useradd.sh Tue Jul 7 20:36:48 2015 (r285255) +++ head/usr.sbin/pw/tests/pw_useradd.sh Tue Jul 7 21:05:20 2015 (r285256) @@ -207,6 +207,30 @@ user_add_expiration_body() { atf_check -s exit:0 ${PW} userdel foo } +atf_test_case user_add_invalid_user_entry +user_add_invalid_user_entry_body() { + touch ${HOME}/master.passwd + touch ${HOME}/group + + pwd_mkdb -p -d ${HOME} ${HOME}/master.passwd || \ + atf_fail "generate passwd from master.passwd" + atf_check -s exit:0 ${PW} useradd foo + echo "foo1:*:1002" >> ${HOME}/master.passwd + atf_check -s exit:1 -e match:"Invalid user entry" ${PW} useradd foo2 +} + +atf_test_case user_add_invalid_group_entry +user_add_invalid_group_entry_body() { + touch ${HOME}/master.passwd + touch ${HOME}/group + + pwd_mkdb -p -d ${HOME} ${HOME}/master.passwd || \ + atf_fail "generate passwd from master.passwd" + atf_check -s exit:0 ${PW} useradd foo + echo 'foo1:*:1002' >> group + atf_check -s exit:1 -e match:"Invalid group entry" ${PW} useradd foo2 +} + atf_init_test_cases() { atf_add_test_case user_add atf_add_test_case user_add_noupdate @@ -225,4 +249,6 @@ atf_init_test_cases() { atf_add_test_case user_add_password_expiration_date_relative atf_add_test_case user_add_name_too_long atf_add_test_case user_add_expiration + atf_add_test_case user_add_invalid_user_entry + atf_add_test_case user_add_invalid_group_entry }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201507072105.t67L5Lwh015226>