diff options
Diffstat (limited to 'core/shadow/userdel-avoid-bad-mem-access.patch')
| -rw-r--r-- | core/shadow/userdel-avoid-bad-mem-access.patch | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/core/shadow/userdel-avoid-bad-mem-access.patch b/core/shadow/userdel-avoid-bad-mem-access.patch new file mode 100644 index 000000000..1d36562b2 --- /dev/null +++ b/core/shadow/userdel-avoid-bad-mem-access.patch @@ -0,0 +1,57 @@ +Index: src/userdel.c +=================================================================== +--- src/userdel.c (revision 3713) ++++ src/userdel.c (working copy) +@@ -329,26 +329,33 @@ + } + + if (NULL == pwd) { ++ char gr_name[GROUP_NAME_MAX_LENGTH + 1]; ++ ++ /* make a copy of the group name before we delete it. ++ * we can't use ->gr_name after the group is deleted ++ * for logging purposes */ ++ snprintf(gr_name, GROUP_NAME_MAX_LENGTH, "%s", grp->gr_name); ++ + /* + * We can remove this group, it is not the primary + * group of any remaining user. + */ +- if (gr_remove (grp->gr_name) == 0) { ++ if (gr_remove (gr_name) == 0) { + fprintf (stderr, + _("%s: cannot remove entry '%s' from %s\n"), +- Prog, grp->gr_name, gr_dbname ()); ++ Prog, gr_name, gr_dbname ()); + fail_exit (E_GRP_UPDATE); + } + + #ifdef WITH_AUDIT + audit_logger (AUDIT_DEL_GROUP, Prog, + "deleting group", +- grp->gr_name, AUDIT_NO_ID, ++ gr_name, AUDIT_NO_ID, + SHADOW_AUDIT_SUCCESS); + #endif /* WITH_AUDIT */ + SYSLOG ((LOG_INFO, + "removed group '%s' owned by '%s'\n", +- grp->gr_name, user_name)); ++ gr_name, user_name)); + + #ifdef SHADOWGRP + if (sgr_locate (user_name) != NULL) { +@@ -361,12 +368,12 @@ + #ifdef WITH_AUDIT + audit_logger (AUDIT_DEL_GROUP, Prog, + "deleting shadow group", +- grp->gr_name, AUDIT_NO_ID, ++ gr_name, AUDIT_NO_ID, + SHADOW_AUDIT_SUCCESS); + #endif /* WITH_AUDIT */ + SYSLOG ((LOG_INFO, + "removed shadow group '%s' owned by '%s'\n", +- grp->gr_name, user_name)); ++ gr_name, user_name)); + + } + #endif /* SHADOWGRP */ |