CVSROOT: /cvs
Module name: src
Changes by: mill...@cvs.openbsd.org 2025/02/26 18:32:55
Modified files:
usr.sbin/user : user.c
Log message:
moduser: fix use-after-free when locking/unlocking an account.
The pw_tmp and shell_tmp variables are used to store updated versions
of pwp->pw_passwd and pwp->pw_shell when locking and unlocking an
account. The syslog() calls at the end of the function may use
pwp->pw_shell (which can point to shell_tmp) so we must wait until
after the logging to free the temporary variables.
>From Matthew Martin.
