freebsd-skq/usr.sbin/pw
Don Lewis 660d4fe299 Fix CID 1006692 in /usr/sbin/pw pw_log() function and other fixes
The length of the name returned from the $LOGNAME and $USER can be
very long and it was being concatenated to a fixed length buffer
with no bounds checking.  Fix this problem by limiting the length
of the name copied.

Additionally, this name is actually used to create a format string
to be used in adding log file entries so embedded % characters in
the name could confuse *printf(), and embedded whitespace could
confuse a log file parser.  Handle the former by escaping each %
with an additional %, and handle the latter by simply stripping it
out.

Clean up the code by moving the variable declarations to the top
of the function, formatting them to conform with style, and moving
intialization elsewhere.

Reduce code indentation by returning early in a couple of places.

Reported by:	Coverity
CID:		1006692
Reviewed by:	markj (previous version)
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D6490
2016-05-24 05:02:24 +00:00
..
tests Merge ^/user/ngie/release-pkg-fix-tests to unbreak how test files are installed 2016-05-04 23:20:53 +00:00
bitmap.c
bitmap.h
cpdir.c Remove some unneeded headers 2016-03-26 11:41:35 +00:00
grupd.c Cleanup a bit includes 2015-08-02 13:22:46 +00:00
Makefile Rewrite parsing subcommands arguments of pw(8) 2015-08-02 12:47:50 +00:00
Makefile.depend
psdate.c Cleanup a bit includes 2015-08-02 13:22:46 +00:00
psdate.h
pw_conf.c Simplify code for parsing extra groups 2015-12-29 00:08:32 +00:00
pw_group.c Restore dryrun support for pw groupmod 2015-12-28 23:57:22 +00:00
pw_log.c Fix CID 1006692 in /usr/sbin/pw pw_log() function and other fixes 2016-05-24 05:02:24 +00:00
pw_nis.c Cleanup a bit includes 2015-08-02 13:22:46 +00:00
pw_user.c Remove some unneeded headers 2016-03-26 11:41:35 +00:00
pw_utils.c Remove some unneeded headers 2016-03-26 11:41:35 +00:00
pw_vpw.c Remove some unneeded headers 2016-03-26 11:41:35 +00:00
pw.8 Add a single example of adding a user that roughly corresponds with the 2016-04-23 22:57:54 +00:00
pw.c Fix a repeated typo: rootir -> rootdir. 2015-10-09 14:55:55 +00:00
pw.conf.5
pw.h Cleanup a bit includes 2015-08-02 13:22:46 +00:00
pwupd.c Cleanup a bit includes 2015-08-02 13:22:46 +00:00
pwupd.h Rewrite parsing subcommands arguments of pw(8) 2015-08-02 12:47:50 +00:00
README
rm_r.c Cleanup includes 2015-07-29 23:26:14 +00:00
strtounum.c Fix err pointer not initialized to NULL resulting 2015-08-21 14:28:14 +00:00

pw is a command-line driven passwd/group editor utility that provides
an easy and safe means of modifying of any/all fields in the system
password files, and has an add, modify and delete mode for user and
group records. Command line options have been fashioned to be similar
to those used by the Sun/shadow commands: useradd, usermod, userdel,
groupadd, groupmod, groupdel, but combines all operations within the
single command `pw'.

User add mode also provides a means of easily setting system useradd
defaults (see pw.conf.5), so that adding a user is as easy as issuing
the command "pw useradd <loginid>". Creation of a unique primary
group for each user and automatic membership in secondary groups
is fully supported.

This program may be FreeBSD specific, but should be trivial to port to
other bsd4.4 variants.

Author and maintainer: David L. Nugent, <davidn@blaze.net.au>

$FreeBSD$