[Bug 211195] pw userdel Segmentation fault (core dumped)
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Jul 20 21:58:52 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211195
rday <ryan at ryanday.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ryan at ryanday.net
--- Comment #3 from rday <ryan at ryanday.net> ---
Created attachment 172760
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=172760&action=edit
Patch for 211195
The crash occurs in the rm_r() function, however the core dump issue looks a
little more subtle than not having a home directory. For example, the commands
# pw user add someuser -g somegroup -d "/home/someuser" -s "/usr/sbin/nologin"
# pw user del someuser -r
Won't core dump. /home/someuser doesn't exist, and the problematic code never
runs.
In your example the home directory was "/dev/null", which *does* exist even
though -m wasn't specified. The program uses openat(2) with the O_DIRECTORY
flag to open "/dev/null" which is not a directory. openat() returns an
unchecked error, and the program crashes when it tries to open the invalid
descriptor.
I was able to reproduce this in the master branch on the Github repo. I
attached a patch for the rm_r() function to check the return value of openat().
It looks like openat()'s return value isn't checked in a couple other locations
in the code as well. Those code paths may not be accessible though.
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the freebsd-amd64
mailing list