git: 436af5715cdb - main - flua: Fix SIGSEGV in lua_chown when uid/gid doesn't exist

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Jesús Daniel Colmenares Oviedo <dtxdf_at_FreeBSD.org>
Date: Sun, 08 Feb 2026 20:50:18 UTC

The branch main has been updated by dtxdf:

URL: https://cgit.FreeBSD.org/src/commit/?id=436af5715cdbea87de53d63fcc3762591d93b028

commit 436af5715cdbea87de53d63fcc3762591d93b028
Author:     Jesús Daniel Colmenares Oviedo <dtxdf@FreeBSD.org>
AuthorDate: 2026-02-08 20:35:25 +0000
Commit:     Jesús Daniel Colmenares Oviedo <dtxdf@FreeBSD.org>
CommitDate: 2026-02-08 20:35:25 +0000

    flua: Fix SIGSEGV in lua_chown when uid/gid doesn't exist
    
    When lua_chown is used to call chown(2) internally, it first resolves
    the user and/or group by calling the getpwnam_r(3) and getgrnam_r(3)
    functions, respectively. However, although it checks for errors, it does
    not check when entries are not found (which is not an error), which
    means that the buffer will be set to NULL, and since lua_chown attempts
    to access the NULL structure, it will receive a SIGSEGV signal.
    
    Reviewed by:                    imp@
    Approved by:                    imp@
    Differential Revision:          https://reviews.freebsd.org/D55172
---
 libexec/flua/modules/lposix.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/libexec/flua/modules/lposix.c b/libexec/flua/modules/lposix.c
index a25e875045a2..57e78adb1488 100644
--- a/libexec/flua/modules/lposix.c
+++ b/libexec/flua/modules/lposix.c
@@ -100,11 +100,11 @@ lua_chown(lua_State *L)
 		owner = (uid_t)lua_tointeger(L, 2);
 	else if (lua_isstring(L, 2)) {
 		char buf[4096];
-		struct passwd passwd, *pwd;
+		struct passwd passwd, *pwd = NULL;
 
 		error = getpwnam_r(lua_tostring(L, 2), &passwd,
 		    buf, sizeof(buf), &pwd);
-		if (error == 0)
+		if (pwd != NULL && error == 0)
 			owner = pwd->pw_uid;
 		else
 			return (luaL_argerror(L, 2,
@@ -121,11 +121,11 @@ lua_chown(lua_State *L)
 		group = (gid_t)lua_tointeger(L, 3);
 	else if (lua_isstring(L, 3)) {
 		char buf[4096];
-		struct group gr, *grp;
+		struct group gr, *grp = NULL;
 
 		error = getgrnam_r(lua_tostring(L, 3), &gr, buf, sizeof(buf),
 		    &grp);
-		if (error == 0)
+		if (grp != NULL && error == 0)
 			group = grp->gr_gid;
 		else
 			return (luaL_argerror(L, 3,