d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Since rpc.yppasswdd(8) also supports adding entries to the

Browse Source 
/var/yp/master.passwd template file and it uses the same kind of code
as chpass(1), it may also be vulnerable to the bug from PR #1519.
May as well deal with it since I'm in the area. (yppasswdd in -stable
doesn't do additions, therefore it shouldn't be have this problem.)
This commit is contained in:
Bill Paul 1996-10-22 03:53:06 +00:00
parent fac16cb516
commit b87efe4572
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=19091
1 changed files with 25 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
usr.sbin/rpc.yppasswdd/pw_copy.c
View File

@ -56,6 +56,15 @@ pw_copy(ffd, tfd, pw)
FILE *from, *to;
int done;
char *p, buf[8192];
char uidstr[20];
char gidstr[20];
char chgstr[20];
char expstr[20];
snprintf(uidstr, sizeof(uidstr), "%d", pw->pw_uid);
snprintf(gidstr, sizeof(gidstr), "%d", pw->pw_gid);
snprintf(chgstr, sizeof(chgstr), "%ld", pw->pw_change);
snprintf(expstr, sizeof(expstr), "%ld", pw->pw_expire);
if (!(from = fdopen(ffd, "r"))) {
pw_error(passfile, 1, 1);
@ -90,20 +99,28 @@ pw_copy(ffd, tfd, pw)
goto err;
continue;
}
(void)fprintf(to, "%s:%s:%d:%d:%s:%ld:%ld:%s:%s:%s\n",
pw->pw_name, pw->pw_passwd, pw->pw_uid, pw->pw_gid,
pw->pw_class, pw->pw_change, pw->pw_expire, pw->pw_gecos,
pw->pw_dir, pw->pw_shell);
(void)fprintf(to, "%s:%s:%s:%s:%s:%s:%s:%s:%s:%s\n",
pw->pw_name, pw->pw_passwd,
pw->pw_fields & _PWF_UID ? uidstr : "",
pw->pw_fields & _PWF_GID ? gidstr : "",
pw->pw_class,
pw->pw_fields & _PWF_CHANGE ? chgstr : "",
pw->pw_fields & _PWF_EXPIRE ? expstr : "",
pw->pw_gecos, pw->pw_dir, pw->pw_shell);
done = 1;
if (ferror(to))
goto err;
}
if (!done) {
if (allow_additions) {
(void)fprintf(to, "%s:%s:%d:%d:%s:%ld:%ld:%s:%s:%s\n",
pw->pw_name, pw->pw_passwd, pw->pw_uid, pw->pw_gid,
pw->pw_class, pw->pw_change, pw->pw_expire,
pw->pw_gecos, pw->pw_dir, pw->pw_shell);
(void)fprintf(to, "%s:%s:%s:%s:%s:%s:%s:%s:%s:%s\n",
pw->pw_name, pw->pw_passwd,
pw->pw_fields & _PWF_UID ? uidstr : "",
pw->pw_fields & _PWF_GID ? gidstr : "",
pw->pw_class,
pw->pw_fields & _PWF_CHANGE ? chgstr : "",
pw->pw_fields & _PWF_EXPIRE ? expstr : "",
pw->pw_gecos, pw->pw_dir, pw->pw_shell);
} else {
yp_error("user \"%s\" not found in %s -- \
NIS maps and password file possibly out of sync", pw->pw_name, passfile);