summaryrefslogtreecommitdiff
path: root/loginutils/passwd.c
diff options
context:
space:
mode:
authorDenis Vlasenko2007-10-29 19:25:45 +0000
committerDenis Vlasenko2007-10-29 19:25:45 +0000
commit15ca51e3e2a31efc275b616106244d8ec3f8f773 (patch)
treee54716fcb612a54cfa72564d9ef089eebe92acbd /loginutils/passwd.c
parent5a28a25b9dd81e0975532458723c4244ff532e58 (diff)
downloadbusybox-15ca51e3e2a31efc275b616106244d8ec3f8f773.zip
busybox-15ca51e3e2a31efc275b616106244d8ec3f8f773.tar.gz
appletlib.c: make it actally follow _BB_SUID_ALWAYS rules
adduser: implement -S and code shrink / fix uid selection *: sanitize getspnam_r use text data bss dec hex filename 777042 974 9676 787692 c04ec busybox_old 776883 974 9676 787533 c044d busybox_unstripped
Diffstat (limited to 'loginutils/passwd.c')
-rw-r--r--loginutils/passwd.c27
1 files changed, 14 insertions, 13 deletions
diff --git a/loginutils/passwd.c b/loginutils/passwd.c
index 99afde2..0842b71 100644
--- a/loginutils/passwd.c
+++ b/loginutils/passwd.c
@@ -93,11 +93,9 @@ int passwd_main(int argc, char **argv)
uid_t myuid;
struct rlimit rlimit_fsize;
char c;
-
#if ENABLE_FEATURE_SHADOWPASSWDS
/* Using _r function to avoid pulling in static buffers */
struct spwd spw;
- struct spwd *result;
char buffer[256];
#endif
@@ -128,16 +126,19 @@ int passwd_main(int argc, char **argv)
}
#if ENABLE_FEATURE_SHADOWPASSWDS
- /* getspnam_r() can lie! Even if user isn't in shadow, it can
- * return success (pwd field was seen set to "!" in this case) */
- if (getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result)
- || LONE_CHAR(spw.sp_pwdp, '!')) {
- /* LOGMODE_BOTH */
- bb_error_msg("no record of %s in %s, using %s",
- name, bb_path_shadow_file,
- bb_path_passwd_file);
- } else {
- pw->pw_passwd = spw.sp_pwdp;
+ {
+ /* getspnam_r may return 0 yet set result to NULL.
+ * At least glibc 2.4 does this. Be extra paranoid here. */
+ struct spwd *result = NULL;
+ if (getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result)
+ || !result || strcmp(result->sp_namp, pw->pw_name) != 0) {
+ /* LOGMODE_BOTH */
+ bb_error_msg("no record of %s in %s, using %s",
+ name, bb_path_shadow_file,
+ bb_path_passwd_file);
+ } else {
+ pw->pw_passwd = result->sp_pwdp;
+ }
}
#endif
@@ -161,7 +162,7 @@ int passwd_main(int argc, char **argv)
newp = xasprintf("!%s", pw->pw_passwd);
} else if (opt & OPT_unlock) {
if (c) goto skip; /* not '!' */
- /* pw->pw_passwd pints to static storage,
+ /* pw->pw_passwd points to static storage,
* strdup'ing to avoid nasty surprizes */
newp = xstrdup(&pw->pw_passwd[1]);
} else if (opt & OPT_delete) {