It needs REVISION bumps then it's OK with me to unbreak things. But if someone has time to look a little deeper, it could be better targetted - there are only a few places that actually need the passwords (see the SHADOWPW ifdefs) so it could be changed to only use *_shadow functions in those places (though it can't directly use their code because that's for the getspnam API and struct spwd that other people use..)
On 2016/06/09 14:43, Nils Frohberg wrote: > Due to lib/libc/gen/getpwent.c rev 1.61, netatalk segfaults when > authenticating via uam_dhx2_passwd.c (crypt(3)'s return value isn't > checked against NULL, cf. around line 551 of etc/afpd/uam.c). It > should now use getpwnam_shadow(3) instead of getpwnam(3) when looking > for the username and password. > > > The following patch fixes the port for my use case, I didn't look > for other getpwnam(3) calls. > > --- /dev/null Thu Jun 9 11:39:05 2016 > +++ net/netatalk/patches/patch-etc_afpd_uam_c Thu Jun 9 11:20:07 2016 > @@ -0,0 +1,12 @@ > +$OpenBSD$ > +--- etc/afpd/uam.c.orig Thu Jun 9 11:19:40 2016 > ++++ etc/afpd/uam.c Thu Jun 9 11:19:57 2016 > +@@ -227,7 +227,7 @@ struct passwd *uam_getname(void *private, char *name, > + char *p; > + size_t namelen, gecoslen = 0, pwnamelen = 0; > + > +- if ((pwent = getpwnam(name))) > ++ if ((pwent = getpwnam_shadow(name))) > + return pwent; > + > + /* if we have a NT domain name try with it */ > --- /dev/null Thu Jun 9 14:37:49 2016 > +++ net/netatalk3/patches/patch-etc_afpd_uam_c Thu Jun 9 12:07:41 2016 > @@ -0,0 +1,12 @@ > +$OpenBSD$ > +--- etc/afpd/uam.c.orig Thu Jun 9 12:07:15 2016 > ++++ etc/afpd/uam.c Thu Jun 9 12:07:26 2016 > +@@ -205,7 +205,7 @@ struct passwd *uam_getname(void *private, char *name, > + char *p; > + size_t namelen, gecoslen = 0, pwnamelen = 0; > + > +- if ((pwent = getpwnam(name))) > ++ if ((pwent = getpwnam_shadow(name))) > + return pwent; > + > + /* if we have a NT domain name try with it */ >
