svn commit: r290854 - stable/10/usr.sbin/pw
Xin LI
delphij at FreeBSD.org
Sun Nov 15 07:14:19 UTC 2015
Author: delphij
Date: Sun Nov 15 07:14:17 2015
New Revision: 290854
URL: https://svnweb.freebsd.org/changeset/base/290854
Log:
MFC r290174:
In pw_userlock, set 'name' to NULL when we encounter an all number string
because it is also used as an indicator of whether a name or an UID is
being used and we may have undefined results as 'name' may contain
uninitialized stack contents.
Modified:
stable/10/usr.sbin/pw/pw_user.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/usr.sbin/pw/pw_user.c
==============================================================================
--- stable/10/usr.sbin/pw/pw_user.c Sun Nov 15 07:10:02 2015 (r290853)
+++ stable/10/usr.sbin/pw/pw_user.c Sun Nov 15 07:14:17 2015 (r290854)
@@ -280,9 +280,10 @@ pw_userlock(char *arg1, int mode)
if (arg1 == NULL)
errx(EX_DATAERR, "username or id required");
- if (arg1[strspn(arg1, "0123456789")] == '\0')
+ if (arg1[strspn(arg1, "0123456789")] == '\0') {
id = pw_checkid(arg1, UID_MAX);
- else
+ name = NULL;
+ } else
name = arg1;
pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id);
More information about the svn-src-stable
mailing list