Page MenuHomeFreeBSD
Differential D6840

pw(8) should sanitize the argument of -w
ClosedPublic
Actions

Authored by asomers on Jun 13 2016, 10:07 PM.
Tags
None
Referenced Files
F106650875: D6840.diff
Fri, Jan 3, 9:34 AM
Unknown Object (File)
Oct 3 2024, 3:16 AM
Unknown Object (File)
Oct 3 2024, 1:00 AM
Unknown Object (File)
Oct 2 2024, 3:17 PM
Unknown Object (File)
Oct 2 2024, 12:39 PM
Unknown Object (File)
Oct 1 2024, 8:45 AM
Unknown Object (File)
Sep 27 2024, 10:50 AM
Unknown Object (File)
Sep 27 2024, 9:12 AM
View All 58 Files
Subscribers
imp

Details

Reviewers
brd
bapt
Commits
rS302778: pw should sanitize the argument of -w.
Summary

pw should sanitize the argument of -w. Otherwise, it will silently disable
the login for the selected account.

Test Plan

Added ATF tests

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Warnings
SeverityLocationCodeMessage
Warningusr.sbin/pw/tests/pw_useradd.sh:CHMOD1Invalid Executable
Warningusr.sbin/pw/tests/pw_usermod.sh:CHMOD1Invalid Executable
Unit
No Test Coverage
Build Status
Buildable 4222
Build 4266: arc lint + arc unit

Event Timeline

asomers updated this revision to Diff 17565.Jun 13 2016, 10:07 PM
asomers retitled this revision from to pw(8) should sanitize the argument of -w.
asomers updated this object.
asomers edited the test plan for this revision. (Show Details)
asomers added reviewers: brd, bapt.
Herald added a subscriber: imp. · View Herald TranscriptJun 13 2016, 10:07 PM
bapt accepted this revision.Jun 14 2016, 7:48 AM
bapt edited edge metadata.
This revision is now accepted and ready to land.Jun 14 2016, 7:48 AM
bapt added inline comments.Jun 14 2016, 7:50 AM
usr.sbin/pw/tests/pw_usermod.sh
250

sorry I have no idea here :(

asomers added inline comments.Jun 14 2016, 2:42 PM
usr.sbin/pw/tests/pw_usermod.sh
250

Too bad. Expect would work, but that's in ports. If I don't find another way, I'll just check in code that checks for the "^foo:\$" pattern.

asomers updated this revision to Diff 17581.Jun 14 2016, 5:14 PM
asomers edited edge metadata.

Properly test the -h and -w random options.

This revision now requires review to proceed.Jun 14 2016, 5:14 PM
asomers added a comment.Jun 23 2016, 8:31 PM

bapt, are you cool with this change? I'm traveling next week, so tomorrow (24-June) is my last chance to commit anything before the stable/11 branch.

bapt added a comment.Jul 1 2016, 7:06 AM

Yes I am, sorry for the delay :(

Closed by commit rS302778: pw should sanitize the argument of -w. (authored by asomers). · Explain WhyJul 13 2016, 5:09 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
usr.sbin/
pw/
1 line
20 lines
4 lines
tests/
5 lines
17 lines
57 lines
60 lines

Diff 17581

View Options

usr.sbin/pw/pw.h

Loading...
View Options

usr.sbin/pw/pw_conf.c

Loading...
View Options

usr.sbin/pw/pw_user.c

Loading...
View Options

usr.sbin/pw/tests/Makefile

Loading...
View Options

usr.sbin/pw/tests/crypt.c

Loading...
View Options

usr.sbin/pw/tests/pw_useradd.sh

Loading...
View Options

usr.sbin/pw/tests/pw_usermod.sh

Loading...