Bug 1291554 - lslogins crash when executed with buggy username
lslogins crash when executed with buggy username
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: util-linux (Show other bugs)
x86_64 Linux
urgent Severity high
: rc
: 7.3
Assigned To: Karel Zak
: ZStream
Depends On:
Blocks: 1203710 1289485 1313485 1317953
  Show dependency treegraph
Reported: 2015-12-15 01:51 EST by Mohit Agrawal
Modified: 2016-11-03 17:25 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1317953 (view as bug list)
Last Closed: 2016-11-03 17:25:49 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2605 normal SHIPPED_LIVE Low: util-linux security, bug fix, and enhancement update 2016-11-03 08:13:26 EDT

  None (edit)
Description Mohit Agrawal 2015-12-15 01:51:14 EST
Description of problem:
lslogins segfault when execute with buggy user name.

Version-Release number of selected component (if applicable):

How reproducible:
Steps to Reproduce:
1.Execute lslogins with buggy user name

Actual results:
lslogins abort due to scols_line_get_cell: Assertion `ln' failed and it is failed because user does not exist.

Expected results:

It should not segfault
Additional info:
Comment 1 Mohit Agrawal 2015-12-15 01:57:22 EST

After checked the lslogins code it seems get_user_info is returned NULL if user does not exist and initially errno is 0

static struct lslogins_user *get_user_info(struct lslogins_control *ctl, const char *username)
        struct lslogins_user *user;
        struct passwd *pwd;
        struct group *grp;
        struct spwd *shadow;
        struct utmp *user_wtmp = NULL, *user_btmp = NULL;
        int n = 0;
        time_t time;
        uid_t uid;
        errno = 0;

        pwd = username ? getpwnam(username) : getpwent();
        if (!pwd)
                return NULL;



In function get_user to validate about error it is doing logical and with errno but if errno is 0 in that case the code path will not execute even user is NULL so it will return 0,It should check if user is NULL then should return -1.

static int get_user(struct lslogins_control *ctl, struct lslogins_user **user,const char *username)
             *user = get_user_info(ctl, username);
             if (!*user && errno)
                     if (IS_REAL_ERRNO(errno))
                             return -1;
             return 0;

I think after update above condition it will execute successfully.
Comment 3 Karel Zak 2015-12-15 05:41:18 EST
Fixed by upstream commit 123f0f5bf00635e5dd7e5cbc73f906bf2a0bed9c.

It would be probably nice to rebase all lslogins.c with the current upstream. There is many another bugfixes.
Comment 15 Terry Bowling 2016-04-04 08:23:56 EDT
Does this also affect RHEL 6?  Should this be cloned?
Comment 16 Karel Zak 2016-04-04 10:21:21 EDT
(In reply to Terry Bowling from comment #15)
> Does this also affect RHEL 6?  Should this be cloned?

The most fatal issues should be already fixed in RHEL6.8 (see bug #1215840), the last missing things for RHEL6 are nonsenses in --help output.
Comment 20 errata-xmlrpc 2016-11-03 17:25:49 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.