upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-04-21 14:17:06 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

In pw_userlock, set 'name' to NULL when we encounter an all number string

Browse source 
because it is also used as an indicator of whether a name or an UID is
being used and we may have undefined results as 'name' may contain
uninitialized stack contents.

MFC after:	2 weeks
This commit is contained in:
Xin LI 2015-10-30 00:46:52 +00:00
parent 6bce9a1004
commit 069cc8a45f
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
usr.sbin/pw/pw_user.c
View file

@ -282,9 +282,10 @@ pw_userlock(char *arg1, int mode)
if (arg1 == NULL)
errx(EX_DATAERR, "username or id required");
if (arg1[strspn(arg1, "0123456789")] == '\0')
if (arg1[strspn(arg1, "0123456789")] == '\0') {
id = pw_checkid(arg1, UID_MAX);
else
name = NULL;
} else
name = arg1;
pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id);