From 71219ddbd16cc509fa0b0613f0c7d4ca79dfc84b Mon Sep 17 00:00:00 2001 From: Thomas Quinot Date: Mon, 4 Sep 2006 15:09:21 +0000 Subject: [PATCH] (pw_copy): Handle the case of a malformed line in master.passwd (copy it silently, do not dereference NULL pointer). PR: bin/102848 Reviewed by: security-officer (cperciva) MFC after: 1 week --- lib/libutil/pw_util.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/lib/libutil/pw_util.c b/lib/libutil/pw_util.c index 90c9d72f4f9..6d372c07c0a 100644 --- a/lib/libutil/pw_util.c +++ b/lib/libutil/pw_util.c @@ -481,13 +481,22 @@ pw_copy(int ffd, int tfd, const struct passwd *pw, struct passwd *old_pw) } /* is it the one we're looking for? */ + t = *q; *q = '\0'; + fpw = pw_scan(r, PWSCAN_MASTER); + + /* + * fpw is either the struct password for the current line, + * or NULL if the line is malformed. + */ + *q = t; - if (strcmp(fpw->pw_name, pw->pw_name) != 0) { + if (fpw == NULL || strcmp(fpw->pw_name, pw->pw_name) != 0) { /* nope */ - free(fpw); + if (fpw != NULL) + free(fpw); if (write(tfd, p, q - p + 1) != q - p + 1) goto err; ++q;