Bug 455603

Summary: groupmems does not check input strings for special characters
Product: [Fedora] Fedora Reporter: Milos Malik <mmalik>
Component: shadow-utilsAssignee: Peter Vrabec <pvrabec>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 8CC: tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-09-25 12:11:39 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Milos Malik 2008-07-16 15:47:45 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.15) Gecko/20080702 Fedora/2.0.0.15-1.fc8 Firefox/2.0.0.15

Description of problem:
The utility should do some basic checking if the input strings contain special characters like ':', ',' etc.

Version-Release number of selected component (if applicable):
shadow-utils-4.0.18.1-22.fc8

How reproducible:
Always


Steps to Reproduce:
# useradd tu1
# useradd tu2
# groupadd tegr
# grep tegr /etc/group
tegr:x:503:
# grep tegr /etc/gshadow
tegr:!::
# groupmems -a "tu1:tu2" -g tegr
# echo $?
0
# grep tegr /etc/group
tegr:x:503:tu1:tu2
# grep tegr /etc/gshadow
tegr:!::
# groupmems -d tu2 -g tegr
Member to remove could not be found
# echo $?
6
# grep tegr /etc/group
tegr:x:503:tu1:tu2
# grep tegr /etc/gshadow
tegr:!::
# groupmems -d tu1 -g tegr
# echo $?
0
# grep tegr /etc/group
tegr:x:503:tu1
# grep tegr /etc/gshadow
tegr:!::


Actual Results:
groupmems accepts string with ':' as a username

Expected Results:
groupmems rejects string with ':' as a username

Additional info:
Comment 2 Peter Vrabec 2008-09-25 12:11:39 UTC 
fixed in 4.1.2-8
Comment 3 Peter Vrabec 2010-04-20 12:31:43 UTC 
# groupmems -a "tu1:tu2" -g tegr
groupmems: user 'tu1:tu2' does not exist
# rpm -q shadow-utils
shadow-utils-4.1.4.2-3.el6.i686
# rpm -q redhat-release
redhat-release-6-6.0.0.21.el6.i686