Coredump in chkgrp (was Re: unknown coredump !)

Nikolay Kalev nkalev at gmail.com
Thu Aug 25 13:08:45 GMT 2005


Fredrik Lindberg wrote:

> Colin Percival wrote:
>
>> [Bug report CCed to author of bug]
>>
>> Nikolay Kalev wrote:
>>
>>> chkgrp: /etc/group: line 30: missing field(s)
>>> Segmentation fault (core dumped)
>>> Exit 3
>>>
>>> so I found the problem in my group file there was a buggy line that I
>>> added ... I'm not sure if this is normal to coredump when the syntax in
>>> /etc/group is mistaken ???
>>>
>>> the line was : "user:1001:" and it has to be "user:*:1001:"
>>
>>
>>
>> This bug was added in revision 1.9 of src/usr.sbin/chkgrp/chkgrp.c.  If
>> a line of the group file has the wrong number of fields, the pointers
>> f[0], f[1], f[2], and f[3] might point at deadc0de; prior to this
>> revision, the number of fields was checked first and processing halted
>> if it was wrong.
>>
>> I'm busy for the next few days, but if this is still unfixed on
>> Monday I'll take care of it.
>>
>> Colin Percival
>
>
> Here is a patch that should fix this.
>
>     Fredrik Lindberg
>
>------------------------------------------------------------------------
>
>Index: chkgrp.c
>===================================================================
>RCS file: /home/ncvs/src/usr.sbin/chkgrp/chkgrp.c,v
>retrieving revision 1.10
>diff -u -r1.10 chkgrp.c
>--- chkgrp.c	4 Aug 2005 12:44:36 -0000	1.10
>+++ chkgrp.c	25 Aug 2005 10:50:25 -0000
>@@ -133,18 +133,20 @@
> 	}
> 	
> 	/* check that none of the fields contain whitespace */
>-	for (k = 0; k < 4; k++) {
>-	    if (strcspn(f[k], " \t") != strlen(f[k])) {
>+	for (i = 0; i < k; i++) {
>+	    if (strcspn(f[i], " \t") != strlen(f[i])) {
> 		warnx("%s: line %d: field %d contains whitespace",
>-		      gfn, n, k+1);
>+		      gfn, n, i+1);
> 		e++;
> 	    }
> 	}
> 
> 	/* check that the GID is numeric */
>-	if (strspn(f[2], "0123456789") != strlen(f[2])) {
>-	    warnx("%s: line %d: GID is not numeric", gfn, n);
>-	    e++;
>+	if (k > 2) {
>+		if (strspn(f[2], "0123456789") != strlen(f[2])) {
>+	    	warnx("%s: line %d: GID is not numeric", gfn, n);
>+	    	e++;
>+		}
> 	}
> 	
> #if 0
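
Review bot: In the whitespace loop, the new bound `i < k` trusts k to stay within the size of f[]. The old loop was hard-capped at 4 and the thread refers to f[0] through f[3], so if the field-splitting code above this hunk can leave k greater than 4 on a line with too many fields, `f[i]` would index past the array. Consider bounding it explicitly, e.g. `i < k && i < 4`, or clamping k where the fields are counted. The `if (k > 2)` guard around the GID check would benefit from a one-line comment saying f[2] is only valid when at least three fields were parsed, and the lines inside it mix tabs and spaces in a way that does not match the indentation of the surrounding code.
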
>  
>
Ok thanks for the patch it works ok now :-) no coredumps !

