[Bug 8586] adduser without -s (shell) creates invalid /etc/passwd entry

bugzilla at busybox.net bugzilla at busybox.net
Fri Jan 11 23:09:24 UTC 2019


https://bugs.busybox.net/show_bug.cgi?id=8586

--- Comment #9 from 5cli67sg4k at bq6hf.anonbox.net ---
Created attachment 7926
  --> https://bugs.busybox.net/attachment.cgi?id=7926&action=edit
Patch to fix this issue

This is a bug caused by the fact that getpwnam(3) returns a pointer to static
data and is used twice in adduser.c

1. Indirectly by get_shell_name()
2. Directly by passwd_study()

This causes the getpwnam(3) call in passwd_study() to "overwrite" the memory
location `get_shell_name()` returns a pointer two. There are obviously a
variety of ways to address this issue (e.g. making get_shell_name() use
getpwnam_r). However, the most simple fix (which also seems to be used
elsewhere) is using xstrdup() on the return value of get_shell_name().

-- 
You are receiving this mail because:
You are on the CC list for the bug.


More information about the busybox-cvs mailing list