[dev] [ubase] Fixing passwd crash

From: Michael Forney <mforney_AT_mforney.org>
Date: Tue, 25 Jun 2019 21:52:29 -0700

I noticed that when passwd in ubase is changing a password, it will
try to dereference a NULL pointer when /etc/shadow exists, but the
user's password is not stored in /etc/shadow (i.e. marked with "x" in
/etc/passwd). It will try to save the spw entry if /etc/shadow exists,
even if the shadow entry wasn't used (in which case spw is NULL).

I can think of a couple solutions, but I'm not sure what the right behavior is.

1. Always store the password in /etc/shadow (or tcb shadow) if it
exists, so if a password in /etc/passwd is updated, it is moved to
shadow and the passwd entry is replaced with "x".

2. Always store the password in the location the previous one was stored in.

I'm thinking (1) might be the best option. Does anyone know what other
implementations do?
Received on Wed Jun 26 2019 - 06:52:29 CEST

This archive was generated by hypermail 2.3.0 : Wed Jun 26 2019 - 07:36:08 CEST