| Summary: | chpasswd segmentation fault | ||
|---|---|---|---|
| Product: | Busybox | Reporter: | mrother |
| Component: | Other | Assignee: | unassigned |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | busybox-cvs |
| Priority: | P5 | ||
| Version: | 1.19.x | ||
| Target Milestone: | --- | ||
| Hardware: | PC | ||
| OS: | Linux | ||
| Host: | Target: | ||
| Build: | |||
Can't reproduce.
The free is correct: pw_encrypt() returns malloced string:
if (!(opt & OPT_ENC)) {
crypt_make_salt(salt, 1);
if (opt & OPT_MD5) {
salt[0] = '$';
salt[1] = '1';
salt[2] = '$';
crypt_make_salt(salt + 3, 4);
}
pass = pw_encrypt(pass, salt, 0);
}
...
if (!(opt & OPT_ENC))
free(pass);
This bug report is a consequence of a TinyCoreLinux user complaint:
http://forum.tinycorelinux.net/index.php/topic,11318
To recreate you'd need to boot TC v3.8.3 (http://distro.ibiblio.org/tinycorelinux/3.x/archive/3.8.3/tinycore_3.8.3.iso), as the current version has a patch (http://distro.ibiblio.org/tinycorelinux/3.x/release/src/busybox-1.19.0_chpasswd.patch) applied. You will have to enter in a shell a command like:
echo tc:pw | sudo chpasswd -m
to see a 'Segmenation fault' after the 'Password for 'tc' changed' message.
BTW, this is not my patch, I only helped to narrow down the issue. I used a pretty nasty approach to pick out a "culprit": I "sprinkled" a few 'printf()' statements into the code until I was sufficiently confident to be able to put some blame on a single statement. Just looking at the code I was not able to support my finding.
Ok, I found it. Here's the fix: http://git.busybox.net/busybox/commit/?id=d2fe2ba08dd84cd7e94d1ae3e2e9c12ca2b4d561 |
When trying to execute: echo user:pw | sudo chpasswd -m a segfault is generated. As far as I can tell it's the free(pass); (in line 85) that is the reason for it.