This is a CC of a mail to shadow.pl (I could not find an archive; the given link is dead):
==============
Hello,
the attached patch fixes the usage of an uninitialized 'user_groups' variable. This variable will be initialized by the get_groups() method, which will not be called in all cases (only when '-G' flag is given). But the grp_update() function (which uses this variable) can be called in other cases also (e.g. on RHL systems which are adding user-groups).
===============
Description of problem: shadow-utils-4.0.3-6
Created attachment 91187 [details] fixes usage of uninitialized 'user_groups' variable
http://www.fedora.us/pipermail/fedora-devel/2003-April/000972.html The combination of glibc-2.3.2 and libsafe causes this to segfault on RH9 and Mandrake 9.1. We didn't discover this before because libsafe and older glibc didn't trigger a segfault. I have confirmed that the segfault no longer happens on RH9 with this patch to shadow-utils.
http://qa.mandrakesoft.com/show_bug.cgi?id=3781 Mandrake equivalent
*** Bug 106218 has been marked as a duplicate of this bug. ***
Can we please apply this to rawhide? This is still an issue in FC1.
Could you look at shadow cvs from time to time, please:
2003-06-30 Tomasz Kloczko <kloczek.pl>
* src/useradd.c, src/usermod.c: Added initializing memory in variables when get_groups() function is not called, and memory allocated for user_groups is not initialized (in both useradd and usermod when -G options is used and in usermod when -l option is used). That causing segfaults sometimes. This fix is important but not critical because usermod and usermod aren't suid root. Problem reported and fixed by Alexey Voinov <voins>.
I just noticed that nalin checked in the fix into CVS on January 7th for rawhide shadow-utils-4.0.3-17. Perhaps external contributors should review the SRPM to be safe.
usermod.c hunk is missing in the shadow-4.0.3-uninitialized.patch from shadow-utils-4.0.3-17.src.rpm
Created attachment 97144 [details] shadow-4.0.0-alt-user_groups.patch
Arg... re-opening and bugging nalin...
btw, shadow-utils 4.0.4.1 has been released which contains this fix already
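The defect described in the first comment and in the 2003-06-30 ChangeLog entry, reduced to a stand-alone C model. This is an added example, not the shadow-utils source or either attached patch: `MAX_GROUPS`, `alloc_groups()` and `run()` are assumptions made for illustration, and `get_groups()` / `grp_update()` are simplified stand-ins that share only their names with the real functions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_GROUPS 16            /* assumed bound for this model */
static char **user_groups;       /* NULL-terminated list of group names */

/* malloc() memory is indeterminate: without the marked line the list has
 * no terminator unless get_groups() runs, and grp_update() walks off it. */
static int alloc_groups(void) {
    user_groups = malloc((MAX_GROUPS + 1) * sizeof *user_groups);
    if (user_groups == NULL) return -1;
    user_groups[0] = NULL;       /* initialize: valid, empty list */
    return 0;
}

/* Stand-in for get_groups(): reached only when -G is given. */
static int get_groups(const char *list) {
    int n = 0;
    while (*list != '\0' && n < MAX_GROUPS) {
        size_t len = strcspn(list, ",");
        char *name = len ? malloc(len + 1) : NULL;  /* skip empty names */
        if (name != NULL) {
            memcpy(name, list, len);
            name[len] = '\0';
            user_groups[n++] = name;
        }
        list += len + (list[len] == ',');
    }
    user_groups[n] = NULL;
    return n;
}

/* Stand-in for grp_update(): walks the list whether or not -G was given. */
static int grp_update(void) {
    int n = 0;
    while (user_groups[n] != NULL) n++;
    return n;
}

/* One invocation; g_flag is the -G argument, or NULL when -G is absent. */
static int run(const char *g_flag) {
    if (alloc_groups() != 0) return -1;
    if (g_flag != NULL) get_groups(g_flag);
    int n = grp_update();
    for (int i = 0; i < n; i++) free(user_groups[i]);
    free(user_groups);
    return n;
}
int main(void) { printf("no -G: %d, -G wheel,audio: %d\n", run(NULL), run("wheel,audio")); }
```

Building the model with `-fsanitize=address,undefined`, or running it under valgrind, after deleting the marked line shows the read of uninitialized memory on the path where `-G` is absent.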