Package: shadow
Version: passwd
Severity: normal

Dear Maintainer,

Function __pw_dup() in lib/pwmem.c allocates uninitialized memory for struct
passwd and then fills some members of that struct, but other members (e. g.
pw_age) are still uninitialized. It can results in segfault in putpwent() which
tests for pw_age.



-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/4 CPU cores)
Index: shadow-4.1.5/lib/pwmem.c
===================================================================
--- shadow-4.1.5.orig/lib/pwmem.c	2009-09-07 19:08:21.000000000 +0000
+++ shadow-4.1.5/lib/pwmem.c	2012-06-03 18:39:48.377996169 +0000
@@ -44,7 +44,7 @@
 {
 	struct passwd *pw;
 
-	pw = (struct passwd *) malloc (sizeof *pw);
+	pw = (struct passwd *) calloc (1, sizeof *pw);
 	if (NULL == pw) {
 		return NULL;
 	}

Reply via email to