In general, empty fields in a CSV are errors. However, in some cases,
we want to allow passing empty lists, and the way to encode that is as
an empty string. This was accidentally broken in 4.17.0, when we
switched from using strtok(3) to strsep(3), without remembering to
special-case an empty CSV.
The bug affected directly groupadd(8) and groupmod(8).
The bug also affected the library function add_groups(). In systems
using PAM, that function is unused. On systems without PAM, it is
called by the library function setup_uid_gid(), with the contents of the
"CONSOLE_GROUPS" configuration (login.defs) CSV string.
setup_uid_gid() is directly called by su(1) and login(1) on systems
without PAM.
setup_uid_gid() is also called by the library function expire().
expire() is directly called by expiry(1), su(1), and login(1).
This bug is a regression introduced in the release 4.17.0, and present
in the releases 4.17.{0..4} and 4.18.0.
Fixes: 90afe61003ef (2024-12-05; "lib/, src/: Use strsep(3) instead of strtok(3)")
Link: <https://github.com/shadow-maint/shadow/issues/1420>
Reported-by: Osark Vieira <https://github.com/osark084>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
#include "shadow/grp/agetgroups.h"
#include "shadowlog.h"
#include "string/strchr/strchrscnt.h"
+#include "string/strcmp/streq.h"
#include "string/strerrno.h"
if (dup == NULL)
goto free_gids;
- {
+ if (!streq(dup, "")) {
while (NULL != (g = strsep(&p, ",:"))) {
struct group *grp;
#include "shadow/gshadow/sgrp.h"
#include "shadowlog.h"
#include "string/memset/memzero.h"
+#include "string/strcmp/streq.h"
#include "string/strerrno.h"
#include "string/strtok/stpsep.h"
}
#endif /* SHADOWGRP */
- if (user_list) {
+ if (user_list && !streq(user_list, "")) {
char *u, *ul;
ul = user_list;
}
#endif /* SHADOWGRP */
- {
+ if (!streq(user_list, "")) {
ul = user_list;
while (NULL != (u = strsep(&ul, ","))) {
if (prefix_getpwnam(u) == NULL) {
projects / thirdparty / shadow.git / commitdiff
