Page MenuHomeFreeBSD

pw(8) should sanitize the argument of -w
ClosedPublic

Authored by asomers on Jun 13 2016, 10:07 PM.
Tags
None
Referenced Files
F132264579: D6840.diff
Wed, Oct 15, 7:49 AM
Unknown Object (File)
Fri, Oct 10, 8:29 AM
Unknown Object (File)
Sun, Oct 5, 12:59 AM
Unknown Object (File)
Sat, Oct 4, 5:28 AM
Unknown Object (File)
Wed, Sep 17, 11:43 PM
Unknown Object (File)
Sep 13 2025, 5:06 AM
Unknown Object (File)
Aug 20 2025, 11:02 PM
Unknown Object (File)
Aug 14 2025, 11:17 AM
Subscribers

Details

Summary

pw should sanitize the argument of -w. Otherwise, it will silently disable
the login for the selected account.

Test Plan

Added ATF tests

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

asomers retitled this revision from to pw(8) should sanitize the argument of -w.
asomers updated this object.
asomers edited the test plan for this revision. (Show Details)
asomers added reviewers: brd, bapt.
bapt edited edge metadata.
This revision is now accepted and ready to land.Jun 14 2016, 7:48 AM
usr.sbin/pw/tests/pw_usermod.sh
249 ↗(On Diff #17565)

sorry I have no idea here :(

usr.sbin/pw/tests/pw_usermod.sh
249 ↗(On Diff #17565)

Too bad. Expect would work, but that's in ports. If I don't find another way, I'll just check in code that checks for the "^foo:\$" pattern.

asomers edited edge metadata.

Properly test the -h and -w random options.

This revision now requires review to proceed.Jun 14 2016, 5:14 PM

bapt, are you cool with this change? I'm traveling next week, so tomorrow (24-June) is my last chance to commit anything before the stable/11 branch.

Yes I am, sorry for the delay :(

This revision was automatically updated to reflect the committed changes.