From cjc@attbi.com  Thu Jul 11 22:45:25 2002
Message-Id: <200207120545.g6C5jOx1044049@blossom.cjclark.org>
Date: Thu, 11 Jul 2002 22:45:24 -0700 (PDT)
From: "Crist J. Clark" <cjc@freebsd.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: chpass(1) -a option broken in CURRENT
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         40471
>Category:       bin
>Synopsis:       chpass(1) -a option broken in CURRENT
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    des
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 11 22:50:01 PDT 2002
>Closed-Date:    Tue Mar 04 10:14:30 UTC 2008
>Last-Modified:  Tue Mar 04 10:14:30 UTC 2008
>Originator:     Crist J. Clark
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:
	FreeBSD 5.0-CURRENT.

>Description:
	The -a option for chpass(1) is broken. chpass(1) will SIGSEGV
and die when a NULL pointer is referenced. This is due to the fact
that when YP is #defined, the following,

#ifdef YP
	if ((pw->pw_fields & _PWF_SOURCE) == _PWF_NIS) {

code is run unconditionally. But in the '-a' case, we have not looked
up a struct passwd pw yet, and pw == NULL.

>How-To-Repeat:

  # chpass -a 'test1:*:666:666::0:0: & User:/nonexistent:/nonexistent'
  Segmentation fault
  #

>Fix:
	We need a way to figure out the 'master_mode' when we have not
yet loaded pw.
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->des 
Responsible-Changed-By: cjc 
Responsible-Changed-When: Thu Jul 11 23:00:22 PDT 2002 
Responsible-Changed-Why:  
I believe des was the one who put in the effort to reorganize the 
passwd commands and functions. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=40471 

From: Joerg Wunsch <j@uriah.heep.sax.de>
To: FreeBSD-gnats-submit@freebsd.org
Cc:  
Subject: Re: bin/40471: chpass(1) -a option broken in CURRENT
Date: Tue, 29 Oct 2002 14:37:02 +0100

 Just for the record:
 
 I fixed the obvious bug to avoid dereferencing the NULL
 pointer in a setuid root program.
 
 How to find out whether we are the NIS master in case of using
 the -a option still needs to be determined.
 -- 
 cheers, J"org               .-.-.   --... ...--   -.. .  DL8DTL
 
 http://www.sax.de/~joerg/                        NIC: JW11-RIPE
 Never trust an operating system you don't have sources for. ;-)
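
The pattern described in this report, as an added example (not code from chpass.c and not the change committed for this PR): a source check that treats a NULL entry, as in the -a case where no lookup has happened, as an explicit "unknown" result instead of dereferencing it. The struct, the enum and the EX_ flag values are constructed stand-ins for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for this example, not taken from FreeBSD's <pwd.h>. */
#define EX_PWF_SOURCE 0x3000
#define EX_PWF_FILES  0x1000
#define EX_PWF_NIS    0x2000

/* Hypothetical reduced passwd record: only the field the report mentions. */
struct ex_passwd {
    const char *pw_name;
    int pw_fields;
};

enum ex_source { SRC_UNKNOWN, SRC_LOCAL, SRC_NIS };

/*
 * Classify where an entry came from. With -a no entry has been looked up,
 * so pw is NULL; report that as SRC_UNKNOWN rather than reading pw_fields.
 * The caller then has to decide the mode some other way.
 */
enum ex_source
ex_entry_source(const struct ex_passwd *pw)
{
    if (pw == NULL)
        return SRC_UNKNOWN;
    if ((pw->pw_fields & EX_PWF_SOURCE) == EX_PWF_NIS)
        return SRC_NIS;
    return SRC_LOCAL;
}

int
main(void)
{
    struct ex_passwd local = { "test1", EX_PWF_FILES | 0x1 };
    struct ex_passwd nis = { "test2", EX_PWF_NIS | 0x1 };
    static const char *names[] = { "unknown", "local", "nis" };

    printf("edit local entry: %s\n", names[ex_entry_source(&local)]);
    printf("edit NIS entry:   %s\n", names[ex_entry_source(&nis)]);
    printf("-a (no lookup):   %s\n", names[ex_entry_source(NULL)]);
    return 0;
}
```
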
State-Changed-From-To: open->feedback 
State-Changed-By: gavin 
State-Changed-When: Mon Mar 3 13:10:24 UTC 2008 
State-Changed-Why:  
To submitter: it looks like the segfault was fixed in chpass.c 1.24, 
back in 2002, and has been fixed in every version since FreeBSD 5.x. 
Are you happy that this PR can be closed? 

State-Changed-From-To: feedback->closed 
State-Changed-By: gavin 
State-Changed-When: Tue Mar 4 10:13:49 UTC 2008 
State-Changed-Why:  
This was fixed a long time ago; submitter is happy for it to be closed.

>Unformatted:
