Bug 14726

Summary: Blank password in /etc/passwd results in no username displayed in a prompt
Product: Busybox Reporter: tgm <tomasz.g.markiewicz>
Component: Standard ComplianceAssignee: unassigned
Status: RESOLVED FIXED    
Severity: normal CC: busybox-cvs
Priority: P5    
Version: 1.33.x   
Target Milestone: ---   
Hardware: Other   
OS: Linux   
Host: Target:
Build:
Attachments: Dot config file

Description tgm 2022-03-30 13:18:51 UTC 
Created attachment 9261 [details]
Dot config file

The actual version is 1.34.1, but it wasn't possible to select that version during bug submitting.

The general problem is with no username being displayed when there is a blank password in /etc/passwd.


PS is set to:
----------------------

$ echo $PS1
\u@\h:\w\$


/etc/passwd:
----------------------

root:x:0:0:root:/root:/bin/ash
# (Skipped...)
analog::1000:1000:analog,,,:/home/analog:/bin/ash


Obviously the 'analog' user does not have its name in a prompt and root has. Adding or removing 'x' in password field fixes (or creates) the problem regardless of user account (also checked with the second non-root user -- just not shown here).

According to manpage (man 5 passwd), the password field can be blank, thus I marked it as 'Standard Compliance'. Man page also say that using 'x' as a password requires providing corresponding /etc/shadow, which I have no intention of adding. Besides, /etc/shadow is parsed using probably the exact same mechanism, so it doesn't look like a viable solution.

NOTE: It worked fine with BusyBox 1.24.2.

If this can be fixed with .config tweaking, I would be grateful for some hints. :)

If it is important, I use it with musl libc 1.2.2, Binutils 2.38, compiled with GCC 11.2.

Xilinx's Linux:
$ uname -r
4.14.0-xilinx-ge77ffb40e9a0





I was able to track the problem to 'parse_common' function in 'libpwdgrp/pwd_grp.c', these line(s):

		if (strcmp(key, nth_string(buf, field_pos)) == 0) {
			/* record found */
			break;
		}

It seems that 'nth_string' in 'libbb/compare_string_array.c' treats two consecutive '\0' as the end of the string (Huffman wouldn't be proud :)).

nth_string(buf, field_pos) returns this (compare with
/etc/shadow file excerpt shown above):
-------------------------------------------------------

ash: TGM: pwd_grp: parse_common: buf (after tokenize): [root]
ash: TGM: pwd_grp: parse_common: nth_string_result: [0]
ash: TGM: pwd_grp: parse_common: buf (after tokenize): [analog]
ash: TGM: pwd_grp: parse_common: nth_string_result: []

While the 'key' passed to parse_common was: '1000'


Call stack:
----------------
shell/ash.c: ??? -> ??? // I'm not sure if I started from here...
libbb/lineedit.c: read_line_input-> // user_buf is set to NULL, due to:
libpwdgrp/pwd_grp.c: getpwuid -> getXXXnam -> parse_file -> parse_common
Comment 1 Oliver Endriss 2022-04-20 14:48:02 UTC 
Note that all functions which get the user name from /etc/passwd are affected:
ls -l, ps, whoami, etc.

The bug was introduced by commit c9fc15359ef8fe5aa98ab0308c1563d9bcf99bb8

With this commit, nth_string() does not longer work with an empty field in the middle of the line, for example an empty password field in /etc/password.

Please revert this commit!

Regards,
Oliver
Comment 2 Denys Vlasenko 2022-04-27 14:11:26 UTC 
Fixed in git.