From 8f0f1d6c9315d10dacdb26ff6cc9059a7a565eb3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B6ren=20Tempel?= Date: Sat, 12 Jan 2019 00:01:34 +0100 Subject: [PATCH] adduser: prevent creation from invalid entry without -s If -s is not specified adduser uses get_shell_name() to determine the shell it should use for the newly created user. If SHELL is not set this function uses getpwnam(3) to determine the shell of the current user and returns that. getpwnam(3) uses static storage and is called again in passwd_study() overwriting the memory location get_shell_name() returned a pointer to. Thereby potentially creating an entry with an invalid shell. To fix this xstrdup() the return value of get_shell_name(). This approach is also used by crond, ifupdown and svlogd. --- loginutils/adduser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/loginutils/adduser.c b/loginutils/adduser.c index b2b5be5b3..7e5a85c33 100644 --- a/loginutils/adduser.c +++ b/loginutils/adduser.c @@ -198,7 +198,7 @@ int adduser_main(int argc UNUSED_PARAM, char **argv) pw.pw_gecos = (char *)"Linux User,,,"; /* We assume that newly created users "inherit" root's shell setting */ - pw.pw_shell = (char *)get_shell_name(); + pw.pw_shell = xstrdup(get_shell_name()); pw.pw_dir = NULL; opts = getopt32long(argv, "^"