In pw_userlock, set 'name' to NULL when we encounter an all number string

because it is also used as an indicator of whether a name or an UID is being used and we may have undefined results as 'name' may contain uninitialized stack contents. MFC after: 2 weeks
svn path=/head/; revision=290174
2015-10-30 00:46:52 +00:00 · 2015-10-30 00:46:52 +00:00 · 069cc8a45f · 2020-12-20 02:59:44 +00:00
commit 069cc8a45f
parent 6bce9a1004
1 changed files with 3 additions and 2 deletions
--- a/usr.sbin/pw/pw_user.c
+++ b/usr.sbin/pw/pw_user.c
@ -282,9 +282,10 @@ pw_userlock(char *arg1, int mode)
 	if (arg1 == NULL)
 		errx(EX_DATAERR, "username or id required");

-	if (arg1[strspn(arg1, "0123456789")] == '\0')
+	if (arg1[strspn(arg1, "0123456789")] == '\0') {
 		id = pw_checkid(arg1, UID_MAX);
-	else
+		name = NULL;
+	} else
 		name = arg1;

 	pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id);