pw: fail if an invalid entry is found while parsing master.passwd and group

PR: 198554 Reported by: diaran <fbsd@centraltech.co.uk> MFC after: 2 days
svn path=/head/; revision=285256
2015-07-07 21:05:20 +00:00 · 2015-07-07 21:05:20 +00:00 · 59856c7d26 · 2020-12-20 02:59:44 +00:00
commit 59856c7d26
parent a13589bc47
2 changed files with 33 additions and 0 deletions
--- a/usr.sbin/pw/pw_vpw.c
+++ b/usr.sbin/pw/pw_vpw.c
@ -38,6 +38,7 @@ static const char rcsid[] =
 #include <string.h>
 #include <stdlib.h>
 #include <sys/param.h>
+#include <err.h>

 #include "pwupd.h"

@ -80,6 +81,9 @@ vnextpwent(char const *nam, uid_t uid, int doclose)
 			if (line[linelen - 1 ] == '\n')
 				line[linelen - 1] = '\0';
 			pw = pw_scan(line, PWSCAN_MASTER);
+			if (pw == NULL)
+				errx(EXIT_FAILURE, "Invalid user entry in '%s':"
+				    " '%s'", getpwpath(_MASTERPASSWD), line);
 			if (uid != (uid_t)-1) {
 				if (uid == pw->pw_uid)
 					break;
@ -160,6 +164,9 @@ vnextgrent(char const *nam, gid_t gid, int doclose)
 			if (line[linelen - 1 ] == '\n')
 				line[linelen - 1] = '\0';
 			gr = gr_scan(line);
+			if (gr == NULL)
+				errx(EXIT_FAILURE, "Invalid group entry in '%s':"
+				    " '%s'", getgrpath(_GROUP), line);
 			if (gid != (gid_t)-1) {
 				if (gid == gr->gr_gid)
 					break;
--- a/usr.sbin/pw/tests/pw_useradd.sh
+++ b/usr.sbin/pw/tests/pw_useradd.sh
@ -207,6 +207,30 @@ user_add_expiration_body() {
 	atf_check -s exit:0 ${PW} userdel foo
 }

+atf_test_case user_add_invalid_user_entry
+user_add_invalid_user_entry_body() {
+	touch ${HOME}/master.passwd
+	touch ${HOME}/group
+
+	pwd_mkdb -p -d ${HOME} ${HOME}/master.passwd || \
+		atf_fail "generate passwd from master.passwd"
+	atf_check -s exit:0 ${PW} useradd foo
+	echo "foo1:*:1002" >> ${HOME}/master.passwd
+	atf_check -s exit:1 -e match:"Invalid user entry" ${PW} useradd foo2
+}
+
+atf_test_case user_add_invalid_group_entry
+user_add_invalid_group_entry_body() {
+	touch ${HOME}/master.passwd
+	touch ${HOME}/group
+
+	pwd_mkdb -p -d ${HOME} ${HOME}/master.passwd || \
+		atf_fail "generate passwd from master.passwd"
+	atf_check -s exit:0 ${PW} useradd foo
+	echo 'foo1:*:1002' >> group
+	atf_check -s exit:1 -e match:"Invalid group entry" ${PW} useradd foo2
+}
+
 atf_init_test_cases() {
 	atf_add_test_case user_add
 	atf_add_test_case user_add_noupdate
@ -225,4 +249,6 @@ atf_init_test_cases() {
 	atf_add_test_case user_add_password_expiration_date_relative
 	atf_add_test_case user_add_name_too_long
 	atf_add_test_case user_add_expiration
+	atf_add_test_case user_add_invalid_user_entry
+	atf_add_test_case user_add_invalid_group_entry
 }