Coredump in chkgrp (was Re: unknown coredump !)

[Fredrik Lindberg]

Colin Percival wrote:
> [Bug report CCed to author of bug]
> 
> Nikolay Kalev wrote:
> 
>>chkgrp: /etc/group: line 30: missing field(s)
>>Segmentation fault (core dumped)
>>Exit 3
>>
>>so i found the problem in my group file there was a bugy line that i
>>added ... i;m not sure if this is normal to coredump when the syntax in
>>/etc/group is mistaken ???
>>
>>the line was : "user:1001:" and it has to be "user:*:1001:"
> 
> 
> This bug was added in revision 1.9 of src/usr.sbin/chkgrp/chkgrp.c.  If
> a line of the group file has the wrong number of fields, the pointers
> f[0], f[1], f[2], and f[3] might point at deadc0de; prior to this revision,
> the number of fields was checked first and processing halted if it was
> wrong.
> 
> I'm busy for the next few days, but if this is still unfixed on Monday I'll
> take care of it.
> 
> Colin Percival

Here is a patch that should fix this.

	Fredrik Lindberg

-------------- next part --------------
Index: chkgrp.c
===================================================================
RCS file: /home/ncvs/src/usr.sbin/chkgrp/chkgrp.c,v
retrieving revision 1.10
diff -u -r1.10 chkgrp.c
--- chkgrp.c	4 Aug 2005 12:44:36 -0000	1.10
+++ chkgrp.c	25 Aug 2005 10:50:25 -0000
@@ -133,18 +133,20 @@
 	}
 	
 	/* check that none of the fields contain whitespace */
-	for (k = 0; k < 4; k++) {
-	    if (strcspn(f[k], " \t") != strlen(f[k])) {
+	for (i = 0; i < k; i++) {
+	    if (strcspn(f[i], " \t") != strlen(f[i])) {
 		warnx("%s: line %d: field %d contains whitespace",
-		      gfn, n, k+1);
+		      gfn, n, i+1);
 		e++;
 	    }
 	}
 
 	/* check that the GID is numeric */
-	if (strspn(f[2], "0123456789") != strlen(f[2])) {
-	    warnx("%s: line %d: GID is not numeric", gfn, n);
-	    e++;
+	if (k > 2) {
+		if (strspn(f[2], "0123456789") != strlen(f[2])) {
+	    	warnx("%s: line %d: GID is not numeric", gfn, n);
+	    	e++;
+		}
 	}
 	
 #if 0