Package: shadow
Version: passwd
Severity: normal
Dear Maintainer,
Function __pw_dup() in lib/pwmem.c allocates uninitialized memory for struct
passwd and then fills some members of that struct, but other members (e. g.
pw_age) are still uninitialized. It can results in segfault in putpwent() which
tests for pw_age.
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.0.0-1-amd64 (SMP w/4 CPU cores)
Index: shadow-4.1.5/lib/pwmem.c
===================================================================
--- shadow-4.1.5.orig/lib/pwmem.c 2009-09-07 19:08:21.000000000 +0000
+++ shadow-4.1.5/lib/pwmem.c 2012-06-03 18:39:48.377996169 +0000
@@ -44,7 +44,7 @@
{
struct passwd *pw;
- pw = (struct passwd *) malloc (sizeof *pw);
+ pw = (struct passwd *) calloc (1, sizeof *pw);
if (NULL == pw) {
return NULL;
}