From brion@coven.queeg.com  Mon Jul 15 22:07:58 1996
Received: from coven.queeg.com (queeg.com [204.95.70.218])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id WAA03847
          for <FreeBSD-gnats-submit@freebsd.org>; Mon, 15 Jul 1996 22:07:56 -0700 (PDT)
Received: (from brion@localhost) by coven.queeg.com (8.7.4/8.7.1) id WAA18710; Mon, 15 Jul 1996 22:07:46 -0700 (PDT)
Message-Id: <199607160507.WAA18710@coven.queeg.com>
Date: Mon, 15 Jul 1996 22:07:46 -0700 (PDT)
From: Brion Moss <brion@queeg.com>
Reply-To: brion@queeg.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: Group file errors cause absolute havoc
X-Send-Pr-Version: 3.2

>Number:         1387
>Category:       bin
>Synopsis:       Group file errors cause absolute havoc [PATCH]
>Confidential:   no
>Severity:       critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jul 15 22:10:01 PDT 1996
>Closed-Date:    Wed Sep 16 15:21:45 MDT 1998
>Last-Modified:  Wed Sep 16 15:22:22 MDT 1998
>Originator:     Brion Moss
>Release:        FreeBSD 2.1-STABLE i386
>Organization:
NetDaemons Associates
>Environment:

	FreeBSD 2.1.0-RELEASE Pentium 133

>Description:

	If you add an erroneous entry in the /etc/group file (in this
	case, it was "majordom: majordom" -- just about everything on 
	the system breaks without any explanation.  Better error-checking
	code might be nice...SunOS, for instance, does not fall prey
	to this.

>How-To-Repeat:

	echo "majordom: majordom" >> /etc/group
	Many things (sendmail, httpd, cron, etc.) will now break.

>Fix:
	
	Try to be careful not to make typos when editing the group file.

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: scrappy 
State-Changed-When: Tue Oct 22 21:40:11 PDT 1996 
State-Changed-Why:  

Confirm Status 

From: Giles Lean <giles@nemeton.com.au>
To: freebsd-gnats-submit@freebsd.org
Cc:  Subject: Re: bin/1387: Group file errors cause absolute havoc
Date: Sat, 11 Jan 1997 22:59:58 -0500

 --------------1CFBAE3959E2B60015FB7483
 Content-Type: text/plain; charset=us-ascii
 Content-Transfer-Encoding: 7bit
 
 This problem is due to getpwent() and friends bailing out on
 malformed lines instead of ignoring them.
 
 The following patch to the 2.2 candidate code causes malformed
 lines to be ignored.
 
 For reference the NetBSD code has the same changes made.
 
 A similar problem needs to be fixed in the dynamic buffer code
 in 3.0-current, but the 2.2 release is more urgent.
 
 -- 
 
 Giles Lean             <giles@nemeton.com.au>           +61 3 9480 2118
 Nemeton Pty. Ltd.                                   fax +61 3 9480 1771
 PGP Key fingerprint =  9F FB 28 37 81 F2 AC F3  8A B0 37 E5 73 CF 39 E7
 
 --------------1CFBAE3959E2B60015FB7483
 Content-Type: text/plain; charset=us-ascii; name="diff"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline; filename="diff"
 
 Index: getgrent.c
 ===================================================================
 RCS file: /a/FreeBSD/CVS/src/lib/libc/gen/getgrent.c,v
 retrieving revision 1.12.2.1
 diff -c -r1.12.2.1 getgrent.c
 *** getgrent.c	1996/12/31 17:42:28	1.12.2.1
 - --- getgrent.c	1997/01/11 09:59:20
 ***************
 *** 236,242 ****
   			continue;
   		}
   		if ((_gr_group.gr_name = strsep(&bp, ":\n")) == NULL)
 ! 			break;
   #ifdef YP
   		/*
   		 * XXX   We need to be careful to avoid proceeding
 --- 236,242 ----
   			continue;
   		}
   		if ((_gr_group.gr_name = strsep(&bp, ":\n")) == NULL)
 ! 			continue;
   #ifdef YP
   		/*
   		 * XXX   We need to be careful to avoid proceeding
 ***************
 *** 282,293 ****
   			if (_ypfound)
   				return(1);
   			else
 ! 				break;
   		if (strlen(cp) || !_ypfound)
   			_gr_group.gr_passwd = cp;
   #else
   		if ((_gr_group.gr_passwd = strsep(&bp, ":\n")) == NULL)
 ! 			break;
   #endif
   		if (!(cp = strsep(&bp, ":\n")))
   #ifdef YP
 --- 282,293 ----
   			if (_ypfound)
   				return(1);
   			else
 ! 				continue;
   		if (strlen(cp) || !_ypfound)
   			_gr_group.gr_passwd = cp;
   #else
   		if ((_gr_group.gr_passwd = strsep(&bp, ":\n")) == NULL)
 ! 			continue;
   #endif
   		if (!(cp = strsep(&bp, ":\n")))
   #ifdef YP
 ***************
 *** 308,314 ****
   			continue;
   		cp = NULL;
   		if (bp == NULL) /* !!! Must check for this! */
 ! 			break;
   #ifdef YP
   		if ((cp = strsep(&bp, ":\n")) == NULL)
   			break;
 --- 308,314 ----
   			continue;
   		cp = NULL;
   		if (bp == NULL) /* !!! Must check for this! */
 ! 			continue;
   #ifdef YP
   		if ((cp = strsep(&bp, ":\n")) == NULL)
   			break;
 
 --------------1CFBAE3959E2B60015FB7483--
Responsible-Changed-From-To: freebsd-bugs->davidn 
Responsible-Changed-By: davidn 
Responsible-Changed-When: Sun Jan 12 23:44:46 EST 1997 
Responsible-Changed-Why:  
I'll be working on groups code shortly and planned on doing something 
similar anyway. 

From: davidn@unique.usn.blaze.net.au (David Nugent)
To: giles@nemeton.com.au (Giles Lean)
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: bin/1387: Group file errors cause absolute havoc
Date: Sat, 11 Jan 1997 23:46:56 +0000

 Giles Lean writes:
 >  This problem is due to getpwent() and friends bailing out on
 >  malformed lines instead of ignoring them.
 
 FWIW, yes, I agree. I also think problems of this kind should be
 notified in syslog. There is currently no syntax checking on
 /etc/group as there is with /etc/{master.}passwd (in pwd_mkdb),
 and it is too easy to get wrong if you edit it manually.
 
 Regards,
 
 David Nugent - Unique Computing Pty Ltd - Melbourne, Australia
 Voice +61-3-9791-9547  Data/BBS +61-3-9792-3507  3:632/348@fidonet
 davidn@freebsd.org davidn@blaze.net.au http://www.blaze.net.au/~davidn/

From: Giles Lean <giles@nemeton.com.au>
To: freebsd-gnats-submit@freebsd.org
Cc:  Subject: Re: bin/1387: Group file errors cause absolute havoc 
Date: Sun, 12 Jan 1997 18:17:23 -0500

 On Sat, 11 Jan 1997 23:46:56 +0000  David Nugent wrote:
 
 > >  This problem is due to getpwent() and friends bailing out on
 > >  malformed lines instead of ignoring them.
 > 
 > FWIW, yes, I agree. I also think problems of this kind should be
 > notified in syslog.
 
 I thought about this but decided that too many things parsed
 /etc/group too often to make this standard.  Better to run grpck (hmm,
 we don't have one) at the time of the edit.
 
 I also wanted the patch to be as small and simple as possible in the
 event that it could be included into 2.2.  The current behaviour is
 nasty. :-(
 
 Regards,
 
 Giles
State-Changed-From-To: feedback->analyzed 
State-Changed-By: davidn 
State-Changed-When: Tue Jan 14 04:45:30 EST 1997 
State-Changed-Why:  
Fixed/closed for RELENG2_2 branch only. -current branch pending 
other work to be committed (namely group db addition). 
In addition to ignoring invalid lines, a syslog message at 
at LOG_ALERT priority will be issued. Hopefully this will 
get someone's attention. :-) 
State-Changed-From-To: analyzed->suspended 
State-Changed-By: phk 
State-Changed-When: Tue Apr 14 11:50:50 PDT 1998 
State-Changed-Why:  
->suspended 


Responsible-Changed-From-To: davidn->freebsd-bugs 
Responsible-Changed-By: phk 
Responsible-Changed-When: Tue Apr 14 11:50:50 PDT 1998 
Responsible-Changed-Why:  
State-Changed-From-To: suspended->closed 
State-Changed-By: imp 
State-Changed-When: Wed Sep 16 15:21:45 MDT 1998 
State-Changed-Why:  
This has been corrected in -current. 
>Unformatted:
