Package: finger Version: 0.17-12 Severity: normal File: /usr/bin/finger Tags: patch
finger segfaults when it comes across a netgroup entry in /etc/passwd. A netgroup entry doesn't include many of the fields in a normal passwd entry, so pw->pw_gecos is set to NULL, which causes finger to core dump. Here is part of a /etc/passwd file with a netgroup entry: nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +...@operator This patch sidesteps what finger considers a malformed passwd entry: diff -r bsd-finger-0.17/finger/util.c my.bsd-finger-0.17/finger/util.c 182a183 > if (pw->pw_gecos == NULL) return rv; -- System Information: Debian Release: 5.0.3 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-2-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C) Shell: /bin/sh linked to /bin/bash Versions of packages finger depends on: ii libc6 2.7-18 GNU C Library: Shared libraries finger recommends no packages. finger suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
