Bug 89145 - useradd uses uninitialized memory
Summary: useradd uses uninitialized memory
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: shadow-utils (Show other bugs)
(Show other bugs)
Version: 1.0
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Peter Vrabec
QA Contact: David Lawrence
URL:
Whiteboard:
Keywords:
: 106218 (view as bug list)
Depends On:
Blocks: CambridgeTarget
TreeView+ depends on / blocked
 
Reported: 2003-04-18 12:05 UTC by Enrico Scholz
Modified: 2007-04-18 16:53 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-04-11 11:27:22 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
fixes usage of uninitialized 'user_groups' variable (486 bytes, patch)
2003-04-18 12:06 UTC, Enrico Scholz
no flags Details | Diff
shadow-4.0.0-alt-user_groups.patch (948 bytes, patch)
2004-01-21 11:57 UTC, Dmitry V. Levin
no flags Details | Diff

Description Enrico Scholz 2003-04-18 12:05:47 UTC
This a CC of a mail to shadow@pld.org.pl (I could not find an archive; the given
link is dead):

==============

Hello,

the attached patch fixes the usage of an uninitialized 'user_groups'
variable.

This variable will be initialized by the get_groups() method, which
will not be called in all cases (only when '-G' flag is given). But the
grp_update() function (which uses this variable) can be called in other
cases also (e.g. on RHL systems which are adding user-groups).

===============


Description of problem:

shadow-utils-4.0.3-6

Comment 1 Enrico Scholz 2003-04-18 12:06:19 UTC
Created attachment 91187 [details]
fixes usage of uninitialized 'user_groups' variable

Comment 2 Warren Togami 2003-04-18 12:50:11 UTC
http://www.fedora.us/pipermail/fedora-devel/2003-April/000972.html
The combination of glibc-2.3.2 and libsafe causes this to segfault on RH9 and
Mandrake 9.1.  We didn't discover this before because libsafe and older glibc
didn't trigger a segfault.

I have confirmed that the segfault no longer happens on RH9 with this patch to
shadow-utils.

Comment 3 Warren Togami 2003-04-18 13:24:24 UTC
http://qa.mandrakesoft.com/show_bug.cgi?id=3781
Mandrake equivalent


Comment 4 Bob T. 2003-10-08 12:00:01 UTC
*** Bug 106218 has been marked as a duplicate of this bug. ***

Comment 5 Warren Togami 2003-12-02 07:44:21 UTC
Can we please apply this to rawhide?  This is still an issue in FC1.

Comment 6 Dmitry V. Levin 2004-01-09 23:00:30 UTC
Could you look at shadow cvs from time to time, please: 
 
2003-06-30  Tomasz Kloczko  <kloczek@pld.org.pl> 
 
        * src/useradd.c, src/usermod.c: 
        Added initializing memory in variables when get_groups() function is not 
called, 
        and memory allocated for user_groups is not initialized (in both useradd 
and 
        usermod when -G options is used and in usermod when -l option is used). 
        That causing segfaults sometimes. 
        This fix is importand but not critical because usermod and usermod aren't 
suid 
        root. 
        Problem reported and fixed by Alexey Voinov <voins@altlinux.ru>. 
 

Comment 7 Warren Togami 2004-01-21 11:24:58 UTC
I just noticed that nalin checked in the fix into CVS on January 7th
for rawhide shadow-utils-4.0.3-17.  Perhaps external contributors
should review the SRPM to be safe.

Comment 8 Dmitry V. Levin 2004-01-21 11:55:56 UTC
usermod.c hunk is missing in the shadow-4.0.3-uninitialized.patch from 
shadow-utils-4.0.3-17.src.rpm 

Comment 9 Dmitry V. Levin 2004-01-21 11:57:18 UTC
Created attachment 97144 [details]
shadow-4.0.0-alt-user_groups.patch

Comment 10 Warren Togami 2004-01-21 11:58:31 UTC
Arg... re-opening and bugging nalin...


Comment 11 Enrico Scholz 2004-01-21 13:09:15 UTC
btw, shadow-utils 4.0.4.1 has been released which contains this fix
already


Note You need to log in before you can comment on or make changes to this bug.