Bug 89145 - useradd uses uninitialized memory
Summary: useradd uses uninitialized memory
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: shadow-utils
Version: 1.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Peter Vrabec
QA Contact: David Lawrence
URL:
Whiteboard:
Duplicates: 106218
Depends On:
Blocks: CambridgeTarget
Reported: 2003-04-18 12:05 UTC by Enrico Scholz
Modified: 2007-04-18 16:53 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2005-04-11 11:27:22 UTC
Embargoed:


Attachments
fixes usage of uninitialized 'user_groups' variable (deleted)
2003-04-18 12:06 UTC, Enrico Scholz
shadow-4.0.0-alt-user_groups.patch (deleted)
2004-01-21 11:57 UTC, Dmitry V. Levin

Description Enrico Scholz 2003-04-18 12:05:47 UTC
This is a CC of a mail to shadow.pl (I could not find an archive; the given
link is dead):

==============

Hello,

the attached patch fixes the usage of an uninitialized 'user_groups'
variable.

This variable will be initialized by the get_groups() method, which
will not be called in all cases (only when '-G' flag is given). But the
grp_update() function (which uses this variable) can be called in other
cases also (e.g. on RHL systems which are adding user-groups).

===============


Description of problem:

shadow-utils-4.0.3-6
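
The pattern described above, reduced to a self-contained C sketch (an added example, not the attached patch and not shadow-utils code). MAX_GROUPS, get_groups_sim, walk_groups and run_useradd are hypothetical names, the 0xA5 fill is constructed to stand in for stale heap contents, and terminating the list at allocation time is an assumed shape of the fix.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_GROUPS 16   /* hypothetical stand-in for the system group limit */

/* Stand-in for get_groups(): parses "a,b,c" and NULL-terminates the list. */
static void get_groups_sim(char **groups, const char *list)
{
    static char buf[128];           /* backing store for the parsed names */
    int n = 0;
    strncpy(buf, list, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    for (char *t = strtok(buf, ","); t && n < MAX_GROUPS; t = strtok(NULL, ","))
        groups[n++] = t;
    groups[n] = NULL;
}

/* Stand-in for the list walk in grp_update(). Bounded here so the demo stays
 * inside the array; an unbounded walk would dereference the garbage entries.
 * Returns the entry count, or -1 if the list has no terminator. */
static int walk_groups(char **groups)
{
    for (int i = 0; i <= MAX_GROUPS; i++)
        if (groups[i] == NULL) return i;
    return -1;
}

/* fixed = 0: list left as allocated; fixed = 1: terminated at allocation.
 * g_arg is the -G argument, or NULL when -G was not given. */
static int run_useradd(int fixed, const char *g_arg)
{
    char **groups = malloc((MAX_GROUPS + 1) * sizeof *groups);
    if (!groups) return -2;
    /* Constructed: the 0xA5 fill makes "stale heap bytes" deterministic. */
    memset(groups, 0xA5, (MAX_GROUPS + 1) * sizeof *groups);
    if (fixed) groups[0] = NULL;    /* assumed shape of the fix */
    if (g_arg) get_groups_sim(groups, g_arg);
    int n = walk_groups(groups);
    free(groups);
    return n;
}

int main(void)
{
    printf("no -G unfixed=%d, no -G fixed=%d, -G wheel,audio=%d\n",
           run_useradd(0, NULL), run_useradd(1, NULL),
           run_useradd(0, "wheel,audio"));
    return 0;
}
```

Only the path without -G differs between the two variants, which is why the defect stays hidden whenever get_groups() happens to run or the allocator happens to return zeroed memory.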

Comment 1 Enrico Scholz 2003-04-18 12:06:19 UTC
Created attachment 91187 [details]
fixes usage of uninitialized 'user_groups' variable

Comment 2 Warren Togami 2003-04-18 12:50:11 UTC
http://www.fedora.us/pipermail/fedora-devel/2003-April/000972.html
The combination of glibc-2.3.2 and libsafe causes this to segfault on RH9 and
Mandrake 9.1.  We didn't discover this before because libsafe and older glibc
didn't trigger a segfault.

I have confirmed that the segfault no longer happens on RH9 with this patch to
shadow-utils.

Comment 3 Warren Togami 2003-04-18 13:24:24 UTC
http://qa.mandrakesoft.com/show_bug.cgi?id=3781
Mandrake equivalent


Comment 4 Bob T. 2003-10-08 12:00:01 UTC
*** Bug 106218 has been marked as a duplicate of this bug. ***

Comment 5 Warren Togami 2003-12-02 07:44:21 UTC
Can we please apply this to rawhide?  This is still an issue in FC1.

Comment 6 Dmitry V. Levin 2004-01-09 23:00:30 UTC
Could you look at shadow cvs from time to time, please:

2003-06-30  Tomasz Kloczko  <kloczek.pl>

        * src/useradd.c, src/usermod.c:
        Added initializing memory in variables when get_groups() function is not called,
        and memory allocated for user_groups is not initialized (in both useradd and
        usermod when -G options is used and in usermod when -l option is used).
        That causing segfaults sometimes.
        This fix is important but not critical because usermod and usermod aren't suid
        root.
        Problem reported and fixed by Alexey Voinov <voins>.


Comment 7 Warren Togami 2004-01-21 11:24:58 UTC
I just noticed that nalin checked in the fix into CVS on January 7th
for rawhide shadow-utils-4.0.3-17.  Perhaps external contributors
should review the SRPM to be safe.

Comment 8 Dmitry V. Levin 2004-01-21 11:55:56 UTC
usermod.c hunk is missing in the shadow-4.0.3-uninitialized.patch from 
shadow-utils-4.0.3-17.src.rpm 

Comment 9 Dmitry V. Levin 2004-01-21 11:57:18 UTC
Created attachment 97144 [details]
shadow-4.0.0-alt-user_groups.patch

Comment 10 Warren Togami 2004-01-21 11:58:31 UTC
Arg... re-opening and bugging nalin...


Comment 11 Enrico Scholz 2004-01-21 13:09:15 UTC
btw, shadow-utils 4.0.4.1 has been released which contains this fix
already

