Bug 1206462

Summary: On RHEL7, the problem occurs if the entry of the file "/etc/passwd" is more than 1024 characters.
Product: Red Hat Enterprise Linux 7
Component: glibc
Version: 7.1
Reporter: kyoneyama <kyoneyam>
Assignee: Carlos O'Donell <codonell>
QA Contact: qe-baseos-tools-bugs
CC: ashankar, fweimer, mnewsome, pfrankli
Status: CLOSED ERRATA
Severity: high
Priority: high
Target Milestone: rc
Hardware: All
OS: Linux
Doc Type: Bug Fix
Type: Bug
Last Closed: 2015-12-15 08:33:54 UTC

Description kyoneyama 2015-03-27 08:04:12 UTC
Description of problem:

On RHEL7, the problem occurs in the user information acquisition if the entry of the file "/etc/passwd" is more than 1024 characters.

Then, the user cannot log in successfully.

Prior to RHEL7 (e.g. RHEL6, RHEL5), it did not occur.


Version-Release number of selected component (if applicable):

- Red Hat Enterprise Linux 7
- glibc-2.17-78.el7

How reproducible:

Always


Steps to Reproduce:
1. Create a text file to fill the comment field.

   # for i in {1..99}; do echo -n "1234567890" >> list.txt ; done
   # wc list.txt
      0   1 990 list.txt 

2. Add a new user with the -c option.

   # useradd -c `cat list.txt` testuser1

3. Check a result of `getent passwd`.

  # getent passwd testuser1

4. Check whether the user can log in.


Actual results:

  # getent passwd testuser1
  testuser1:x:1001:1001:12345678901234567890(..snip..)123456789:/home/test?:


  rhel7-minimal login: testuser1
  Password:
  Last login: Fri Mar 27 15:50:06 JST 2015 on tty2
   -- testuser1: warning: change directory failed: No such file or directory
  Logging in with home = "/".
  -sh-4.2$ 


Expected results:

  # getent passwd testuser1
  testuser1:x:1001:1001:12345678901234567890(..snip..)123456789:/home/testuser1:/bin/bash


  rhel7-minimal login: testuser1
  Password:
  Last login: Fri Mar 27 15:52:06 JST 2015 on tty2
  [testuser1@rhel7-minimal ~]$ 


Additional info:

Comment 2 Florian Weimer 2015-12-11 10:23:44 UTC
(In reply to kyoneyama from comment #0)

> Actual results:
> 
>   # getent passwd testuser1
>   testuser1:x:1001:1001:12345678901234567890(..snip..)123456789:/home/test?:

This looks like bug 1262914 (CVE-2015-5277), which was fixed in this erratum:

  https://rhn.redhat.com/errata/RHSA-2015-2172.html
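
An added check, not part of the bug report or of glibc: it reads a passwd file directly and flags entries longer than the 1024 characters named in the summary, or entries where the NSS lookup returns different fields than the file holds (the truncated home directory and empty shell shown under "Actual results"). The function name `audit_passwd` and its `lookup` parameter are assumptions made for this example.

```python
import pwd

LIMIT = 1024  # entry length named in the bug summary

# Hypothetical helper for illustration; `lookup` is injectable so the
# comparison can be exercised without touching the real user database.
def audit_passwd(path="/etc/passwd", lookup=pwd.getpwnam, limit=LIMIT):
    """Return (user, line_length, problems) for each suspicious entry."""
    findings = []
    with open(path, encoding="utf-8", errors="surrogateescape") as fh:
        for raw in fh:
            line = raw.rstrip("\n")
            if not line or line.startswith(("#", "+", "-")):
                continue  # skip blanks, comments and NIS compat markers
            fields = line.split(":")
            if len(fields) != 7:
                findings.append((fields[0], len(line), ["malformed entry"]))
                continue
            name, _, uid, gid, gecos, home, shell = fields
            problems = []
            if len(line) > limit:
                problems.append(f"longer than {limit} characters")
            try:
                got = lookup(name)
            except KeyError:
                problems.append("lookup failed")
            else:
                expected = {"pw_uid": uid, "pw_gid": gid, "pw_gecos": gecos,
                            "pw_dir": home, "pw_shell": shell}
                for attr, want in expected.items():
                    # Compare as strings: the file stores uid/gid as text.
                    if str(getattr(got, attr)) != want:
                        problems.append(f"{attr} differs between file and lookup")
            if problems:
                findings.append((name, len(line), problems))
    return findings

if __name__ == "__main__":
    for user, length, problems in audit_passwd():
        print(f"{user} ({length} chars): " + "; ".join(problems))
```
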