From 3ab30975ab37167f7ad6f6d5740f69548a57f0bb Mon Sep 17 00:00:00 2001 From: David Greenman Date: Fri, 2 Jun 1995 11:23:24 +0000 Subject: [PATCH] The +@netgroup/-@netgroup NIS password overrides can fail in some cases due to a subtle bug. Specifically, if you override an NIS user's shell, /usr/bin/login and /usr/bin/su (and probably other commands) can end up with bogus data for the pw_shell member of the passwd structure *if* the do an endpwent(), thereby preventing logins. This happpens because the text fields in the passwd structure (pw_name, pw_passwd, pw_gecos, pw_class, pw_dir and pw_shell) are returned to the calling program as pointers to dycamically allocated buffers, rather than pointers to static buffers as they should be. Once endpwent() is called, the dynamic buffers are free()ed, which invalidates the data returned by the library functions. Note: Bill promises a more elegant solution in post-2.0.5R. This fix is only a work-around. Submitted by: Bill Paul --- lib/libc/gen/getpwent.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/lib/libc/gen/getpwent.c b/lib/libc/gen/getpwent.c index 22b148559d02..8b17ca24a892 100644 --- a/lib/libc/gen/getpwent.c +++ b/lib/libc/gen/getpwent.c @@ -496,6 +496,15 @@ static void _pw_breakout_yp(struct passwd *pw, char *result, int master) { char *s; + static char name[UT_NAMESIZE+2], passwd[_PASSWORD_LEN], class[1024]; + static char gecos[1024], dir[MAXPATHLEN], shell[MAXPATHLEN]; + + strcpy(name, pw->pw_name); pw->pw_name = (char *)&name; + strcpy(passwd, pw->pw_passwd); pw->pw_passwd = (char *)&passwd; + strcpy(class, pw->pw_class); pw->pw_class = (char *)&class; + strcpy(gecos, pw->pw_gecos); pw->pw_gecos = (char *)&gecos; + strcpy(dir, pw->pw_dir); pw->pw_dir = (char *)&dir; + strcpy(shell, pw->pw_shell); pw->pw_shell = (char *)&shell; s = strsep(&result, ":"); /* name */ if(!(pw->pw_fields & _PWF_NAME) || (pw->pw_name[0] == '+')) {