Bug#341230: [Pkg-shadow-devel] Bug#341230: passwd: Partial changes with chfn other values

Nicolas François nicolas.francois at centraliens.net
Wed Nov 30 22:16:52 UTC 2005


Hello Tomasz,


On Wed, Nov 30, 2005 at 12:10:23AM +0100, kloczek at zie.pg.gda.pl wrote:
> To me it looks like a bug in PAM, so I don't see anything to adjust/fix
> at the shadow level.

I really think this is a bug.
The getpwnam man page specifies:

   The getpwnam() and getpwuid() functions return a pointer  to  a  passwd
   structure,  or  NULL  if  the  matching  entry is not found or an error
   occurs.  If an error occurs, errno is set appropriately.  If one  wants
   to  check  errno  after  the  call, it should be set to zero before the
   call.

   The return value may point to static area, and may  be  overwritten  by
   subsequent calls to getpwent(), getpwnam(), or getpwuid().

There is no guarantee that a PAM module will not use one of these
functions. (This is the case at least for pam_unix in PAM 0.76.)
So the structure must be duplicated before being used (there are calls to
PAM between the call to getpwnam and the usage of the passwd structure).


I identified another similar issue:
When chsh is used without -s (i.e. in interactive mode) and by root,
chsh <user> should display the current shell of <user> between square
brackets. With libpam-modules 0.76, the default shell is root's one, not
<user>'s one.


In the GNU libc (currently), only a call to the same function (getpwent(),
getpwnam(), or getpwuid()) overwrites the static area (i.e. there is one
static area for each function).

This patch should fix this kind of issue for the GNU libc. However,
getpwuid is often called after the call to getpwnam in shadow, and thus
more issues may appear on non-GNU libcs.

I will try to see if such issues exist (but I won't have any way
to reproduce any bug).




The attached patch applies cleanly to your CVS.

Kind Regards,
-- 
Nekral
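
The static-area hazard described in this message, as an added example that is not part of the original mail or of shadow's code. `fake_getpwnam` is a constructed stand-in for a libc in which every lookup reuses one static area, and `pw_deep_copy`, `pw_free` and `dupstr` are hypothetical helpers, not shadow's `__pw_dup`.

```c
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static char *dupstr(const char *s)	/* NULL is copied as "" */
{
	char *d = malloc(strlen(s ? s : "") + 1);
	return d ? strcpy(d, s ? s : "") : NULL;
}

void pw_free(struct passwd *pw)
{
	if (!pw) return;
	free(pw->pw_name); free(pw->pw_passwd); free(pw->pw_gecos);
	free(pw->pw_dir); free(pw->pw_shell); free(pw);
}

/* Hypothetical helper (not shadow's __pw_dup): copy every string out of the static area. */
struct passwd *pw_deep_copy(const struct passwd *src)
{
	struct passwd *d = src ? calloc(1, sizeof *d) : NULL;
	if (!d) return NULL;
	d->pw_uid = src->pw_uid; d->pw_gid = src->pw_gid;
	d->pw_name = dupstr(src->pw_name); d->pw_passwd = dupstr(src->pw_passwd);
	d->pw_gecos = dupstr(src->pw_gecos); d->pw_dir = dupstr(src->pw_dir);
	d->pw_shell = dupstr(src->pw_shell);
	if (d->pw_name && d->pw_passwd && d->pw_gecos && d->pw_dir && d->pw_shell)
		return d;
	pw_free(d);	/* partial copy: release it and report failure */
	return NULL;
}

/* Constructed stand-in for a libc where every lookup reuses one static area. */
struct passwd *fake_getpwnam(const char *name, const char *shell)
{
	static struct passwd area; static char n[32], s[32];
	snprintf(n, sizeof n, "%s", name);
	snprintf(s, sizeof s, "%s", shell);
	area.pw_name = n; area.pw_shell = s;
	return &area;
}

int main(void)
{
	struct passwd *pw = fake_getpwnam("alice", "/bin/zsh"), *copy = pw_deep_copy(pw);
	fake_getpwnam("root", "/bin/sh");	/* later lookup, e.g. inside a PAM module */
	printf("stale: %s, copy: %s\n", pw->pw_shell, copy ? copy->pw_shell : "(oom)");
	pw_free(copy);
	return 0;
}
```

The pointer kept from the first lookup now reports the second user's shell, while the copy taken before the second lookup still holds the first user's.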
-------------- next part --------------
Index: src/chfn.c
===================================================================
RCS file: /cvsroot/shadow/src/chfn.c,v
retrieving revision 1.38
diff -u -r1.38 chfn.c
--- src/chfn.c	19 Oct 2005 15:21:07 -0000	1.38
+++ src/chfn.c	30 Nov 2005 22:02:56 -0000
@@ -334,6 +334,11 @@
 		}
 		user = xstrdup (pw->pw_name);
 	}
+	pw = __pw_dup(pw);
+	if (!pw) {
+		fprintf (stderr, _("%s: out of memory\n"), Prog);
+		exit (E_NOPERM);
+	}
 
 #ifdef	USE_NIS
 	/*
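Review bot: the failure branch added after `pw = __pw_dup(pw);` prints "out of memory" but exits with `E_NOPERM`, so a caller checking the exit status sees a permission failure for what is an allocation failure; a status that matches the message would be clearer. The reassignment also deserves a one-line comment saying the entry is copied because a later PAM call may overwrite the static area returned by getpwnam(), otherwise the copy looks redundant to the next reader.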
Index: src/chsh.c
===================================================================
RCS file: /cvsroot/shadow/src/chsh.c,v
retrieving revision 1.36
diff -u -r1.36 chsh.c
--- src/chsh.c	19 Oct 2005 15:21:07 -0000	1.36
+++ src/chsh.c	30 Nov 2005 22:02:56 -0000
@@ -192,6 +192,11 @@
 		}
 		user = xstrdup (pw->pw_name);
 	}
+	pw = __pw_dup(pw);
+	if (!pw) {
+		fprintf (stderr, _("%s: out of memory\n"), Prog);
+		exit (1);
+	}
 
 #ifdef	USE_NIS
 	/*
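Review bot: `exit (1);` in the new `if (!pw)` branch uses a bare literal, while the same branch in chfn.c uses the symbolic `E_NOPERM`; the two tools should report this failure the same way, preferably through a named status. Apart from that status the five added lines are identical in both files, so a small shared helper that duplicates the entry and exits on failure would keep the two copies from drifting.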

