NetBSD Problem Report #40994
From www@NetBSD.org Wed Mar 11 12:10:56 2009
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id 666F463C100
for <gnats-bugs@gnats.netbsd.org>; Wed, 11 Mar 2009 12:10:56 +0000 (UTC)
Message-Id: <20090311121056.1521663BE42@www.NetBSD.org>
Date: Wed, 11 Mar 2009 12:10:56 +0000 (UTC)
From: shinden@linux.pl
Reply-To: shinden@linux.pl
To: gnats-bugs@NetBSD.org
Subject: usermod -l change password so user is unable to login
X-Send-Pr-Version: www-1.0
>Number: 40994
>Category: bin
>Synopsis: usermod -l change password so user is unable to login
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: mlelstv
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Mar 11 12:15:00 +0000 2009
>Closed-Date: Thu Mar 26 21:46:44 +0000 2009
>Last-Modified: Thu Mar 26 21:46:44 +0000 2009
>Originator: Daniel Horecki
>Release: NetBSD 5.0_RC2
>Organization:
>Environment:
NetBSD myrkr.stars 5.0_RC2 NetBSD 5.0_RC2 (MORR) #10: Mon Feb 23 12:17:50 CET 2009 sh@myrkr.stars:/home/sh/src/netbsd-5/obj/sys/arch/i386/compile/MORR i386
>Description:
When username is changed using usermod, first characters of password is overwritten by number of chars from username. E.g.:
myrkr# grep ^te /etc/master.passwd
test:jUF5HP4dYXGew:1007:100::0:0::/home/te:/bin/ksh
myrkr# usermod -l testujemy test
myrkr# grep ^te /etc/master.passwd
testujemy:ujemyP4dYXGew:1007:100::0:0::/home/te:/bin/ksh
>How-To-Repeat:
Change username to something longer than previous name.
>Fix:
Not now, will send patch when it will be ready.
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: bin-bug-people->mlelstv
Responsible-Changed-By: mlelstv@NetBSD.org
Responsible-Changed-When: Wed, 11 Mar 2009 13:32:13 +0000
Responsible-Changed-Why:
I can fix it
From: Michael van Elst <mlelstv@serpens.de>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: bin/40994 (usermod -l change password so user is unable to
login)
Date: Wed, 11 Mar 2009 14:38:54 +0100
The bug comes from using the result of getpwnam() while calling
getpwnam() a second time (to check wether the new username already
exists).
This patch replaces the first call to getpwnam() with the
reentrant version and a private buffer.
---------------
Index: user.c
===================================================================
RCS file: /cvsroot/src/usr.sbin/user/user.c,v
retrieving revision 1.117
diff -u -r1.117 user.c
--- user.c 2 Nov 2006 21:42:08 -0000 1.117
+++ user.c 11 Mar 2009 13:20:09 -0000
@@ -1386,7 +1386,7 @@
static int
moduser(char *login_name, char *newlogin, user_t *up, int allow_samba)
{
- struct passwd *pwp;
+ struct passwd *pwp, pw;
struct group *grp;
const char *homedir;
char *locked_pwd;
@@ -1396,6 +1396,7 @@
FILE *master;
char newdir[MaxFileNameLen];
char buf[MaxEntryLen];
+ char pwbuf[MaxEntryLen];
char *colon;
int masterfd;
int ptmpfd;
@@ -1405,7 +1406,8 @@
errx(EXIT_FAILURE, "Can't modify user `%s': invalid login name",
login_name);
}
- if ((pwp = getpwnam(login_name)) == NULL) {
+ if (getpwnam_r(login_name, &pw, pwbuf, sizeof(pwbuf), &pwp) != 0
+ || pwp == NULL) {
errx(EXIT_FAILURE, "Can't modify user `%s': no such user",
login_name);
}
---------------
Greetings,
--
Michael van Elst
Internet: mlelstv@serpens.de
"A potential Snark may lurk in every tree."
State-Changed-From-To: open->pending-pullups
State-Changed-By: mlelstv@NetBSD.org
State-Changed-When: Wed, 11 Mar 2009 18:12:49 +0000
State-Changed-Why:
the fix has been applied and pullups requested for netbsd-{5,4,3}
State-Changed-From-To: pending-pullups->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Thu, 26 Mar 2009 21:46:44 +0000
State-Changed-Why:
pullups completed
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.