useradd: check for valid shell argument

Check whether shell argument given with `-s` is actually present and executable.
And is not a directory.

Fix https://github.com/shadow-maint/shadow/issues/186

diff --git a/src/useradd.c b/src/useradd.c
index e074844d000da258e25f3de3cd06c3d7dc103648..16af77f2ea157e209a47bb958a690482352164ee 100644 (file)
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -1094,6 +1094,7 @@ static void process_flags (int argc, char **argv)
        const struct group *grp;
        bool anyflag = false;
        char *cp;
+       struct stat st;
 
        {
                /*
@@ -1310,7 +1311,10 @@ static void process_flags (int argc, char **argv)
                                if (   ( !VALID (optarg) )
                                    || (   ('\0' != optarg[0])
                                        && ('/'  != optarg[0])
-                                       && ('*'  != optarg[0]) )) {
+                                       && ('*'  != optarg[0]) )
+                                   || (stat(optarg, &st) != 0)
+                                   || (S_ISDIR(st.st_mode))
+                                   || (access(optarg, X_OK != 0))) {
                                        fprintf (stderr,
                                                 _("%s: invalid shell '%s'\n"),
                                                 Prog, optarg);