Page MenuHomeFreeBSD
Differential D6840

pw(8) should sanitize the argument of -w
ClosedPublic
Actions

Authored by asomers on Jun 13 2016, 10:07 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Oct 15, 7:49 AM
Unknown Object (File)
Fri, Oct 10, 8:29 AM
Unknown Object (File)
Sun, Oct 5, 12:59 AM
Unknown Object (File)
Sat, Oct 4, 5:28 AM
Unknown Object (File)
Sep 17 2025, 11:43 PM
Unknown Object (File)
Sep 13 2025, 5:06 AM
Unknown Object (File)
Aug 20 2025, 11:02 PM
Unknown Object (File)
Aug 14 2025, 11:17 AM
View All Files
Subscribers
imp

Details

Reviewers
brd
bapt
Commits
rS302778: pw should sanitize the argument of -w.
Summary

pw should sanitize the argument of -w. Otherwise, it will silently disable
the login for the selected account.

Test Plan

Added ATF tests

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

asomers updated this revision to Diff 17565.Jun 13 2016, 10:07 PM
asomers retitled this revision from to pw(8) should sanitize the argument of -w.
asomers updated this object.
asomers edited the test plan for this revision. (Show Details)
asomers added reviewers: brd, bapt.
Herald added a subscriber: imp. · View Herald TranscriptJun 13 2016, 10:07 PM
bapt accepted this revision.Jun 14 2016, 7:48 AM
bapt edited edge metadata.
This revision is now accepted and ready to land.Jun 14 2016, 7:48 AM
bapt added inline comments.Jun 14 2016, 7:50 AM
usr.sbin/pw/tests/pw_usermod.sh
249 ↗(On Diff #17565)

sorry I have no idea here :(

asomers added inline comments.Jun 14 2016, 2:42 PM
usr.sbin/pw/tests/pw_usermod.sh
249 ↗(On Diff #17565)

Too bad. Expect would work, but that's in ports. If I don't find another way, I'll just check in code that checks for the "^foo:\$" pattern.

asomers updated this revision to Diff 17581.Jun 14 2016, 5:14 PM
asomers edited edge metadata.

Properly test the -h and -w random options.

This revision now requires review to proceed.Jun 14 2016, 5:14 PM
asomers added a comment.Jun 23 2016, 8:31 PM

bapt, are you cool with this change? I'm traveling next week, so tomorrow (24-June) is my last chance to commit anything before the stable/11 branch.

bapt added a comment.Jul 1 2016, 7:06 AM

Yes I am, sorry for the delay :(

Closed by commit rS302778: pw should sanitize the argument of -w. (authored by asomers). · Explain WhyJul 13 2016, 5:09 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
usr.sbin/
pw/
1 line
20 lines
4 lines
tests/
5 lines
45 lines
57 lines
60 lines

Diff 18384

View Options

head/usr.sbin/pw/pw.h

Loading...
View Options

head/usr.sbin/pw/pw_conf.c

Loading...
View Options

head/usr.sbin/pw/pw_user.c

Loading...
View Options

head/usr.sbin/pw/tests/Makefile

Loading...
View Options

head/usr.sbin/pw/tests/crypt.c

Loading...
View Options

head/usr.sbin/pw/tests/pw_useradd.sh

Loading...
View Options

head/usr.sbin/pw/tests/pw_usermod.sh

Loading...