From: Geert Ijewski <gm.ijewski@web.de>
Date: Sun, 7 Feb 2021 18:26:55 +0000 (+0100)
Subject: usermod: check if shell exists & is executable
X-Git-Tag: v4.9~38^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fe159b766896c1982b1002220729b0d0590144d3;p=thirdparty%2Fshadow.git

usermod: check if shell exists & is executable
---

diff --git a/src/usermod.c b/src/usermod.c
index ef430296e..3ba011c2b 100644
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -1032,7 +1032,7 @@ static void grp_update (void)
 static void process_flags (int argc, char **argv)
 {
 	const struct group *grp;
-
+	struct stat st;
 	bool anyflag = false;
 
 	{
@@ -1180,12 +1180,25 @@ static void process_flags (int argc, char **argv)
 			case 'P': /* no-op, handled in process_prefix_flag () */
 				break;
 			case 's':
-				if (!VALID (optarg)) {
+				if (   ( !VALID (optarg) )
+				    || (   ('\0' != optarg[0])
+				        && ('/'  != optarg[0])
+				        && ('*'  != optarg[0]) )) {
 					fprintf (stderr,
-					         _("%s: invalid field '%s'\n"),
+					         _("%s: invalid shell '%s'\n"),
 					         Prog, optarg);
 					exit (E_BAD_ARG);
 				}
+				if (    '\0' != optarg[0]
+				     && '*'  != optarg[0]
+				     && strcmp(optarg, "/sbin/nologin") != 0
+				     && (   stat(optarg, &st) != 0
+				         || S_ISDIR(st.st_mode)
+				         || access(optarg, X_OK) != 0)) {
+					fprintf (stderr,
+					         _("%s: Warning: missing or non-executable shell '%s'\n"),
+					         Prog, optarg);
+				}
 				user_newshell = optarg;
 				sflg = true;
 				break;