aboutsummaryrefslogtreecommitdiffstats
path: root/main/busybox/0001-adduser-prevent-creation-from-invalid-entry-without-.patch
diff options
context:
space:
mode:
authorSören Tempel <soeren+git@soeren-tempel.net>2019-01-12 00:13:49 +0100
committerNatanael Copa <ncopa@alpinelinux.org>2019-01-12 11:44:45 +0000
commit4a3258e65e2f2e79256cc2736ebaf5480dd69b58 (patch)
treebd26a628b035d73d23df3aa45bd0de046269f91a /main/busybox/0001-adduser-prevent-creation-from-invalid-entry-without-.patch
parent96a4b82036347b0908f035b682035adc6a6cdedc (diff)
downloadaports-4a3258e65e2f2e79256cc2736ebaf5480dd69b58.tar.gz
aports-4a3258e65e2f2e79256cc2736ebaf5480dd69b58.tar.bz2
aports-4a3258e65e2f2e79256cc2736ebaf5480dd69b58.tar.xz
main/busybox: fix creation of invalid shell entry by adduser
Fixes #5083 Fixes #6742
Diffstat (limited to 'main/busybox/0001-adduser-prevent-creation-from-invalid-entry-without-.patch')
-rw-r--r--main/busybox/0001-adduser-prevent-creation-from-invalid-entry-without-.patch33
1 files changed, 33 insertions, 0 deletions
diff --git a/main/busybox/0001-adduser-prevent-creation-from-invalid-entry-without-.patch b/main/busybox/0001-adduser-prevent-creation-from-invalid-entry-without-.patch
new file mode 100644
index 0000000000..0bca3b7b51
--- /dev/null
+++ b/main/busybox/0001-adduser-prevent-creation-from-invalid-entry-without-.patch
@@ -0,0 +1,33 @@
+From 8f0f1d6c9315d10dacdb26ff6cc9059a7a565eb3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net>
+Date: Sat, 12 Jan 2019 00:01:34 +0100
+Subject: [PATCH] adduser: prevent creation from invalid entry without -s
+
+If -s is not specified adduser uses get_shell_name() to determine the
+shell it should use for the newly created user. If SHELL is not set this
+function uses getpwnam(3) to determine the shell of the current user and
+returns that.
+
+getpwnam(3) uses static storage and is called again in passwd_study()
+overwriting the memory location get_shell_name() returned a pointer to.
+Thereby potentially creating an entry with an invalid shell.
+
+To fix this xstrdup() the return value of get_shell_name(). This
+approach is also used by crond, ifupdown and svlogd.
+---
+ loginutils/adduser.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/loginutils/adduser.c b/loginutils/adduser.c
+index b2b5be5b3..7e5a85c33 100644
+--- a/loginutils/adduser.c
++++ b/loginutils/adduser.c
+@@ -198,7 +198,7 @@ int adduser_main(int argc UNUSED_PARAM, char **argv)
+
+ pw.pw_gecos = (char *)"Linux User,,,";
+ /* We assume that newly created users "inherit" root's shell setting */
+- pw.pw_shell = (char *)get_shell_name();
++ pw.pw_shell = xstrdup(get_shell_name());
+ pw.pw_dir = NULL;
+
+ opts = getopt32long(argv, "^"