From c143b0506769acb7262b827a468e96ff1e7a044f Mon Sep 17 00:00:00 2001 From: jason <> Date: Wed, 4 Oct 2000 00:44:22 +0000 Subject: [PATCH] Pull in patch from current: Errata: A format string vulnerability exists in the pw_error(3) function. This manifests itself as a security hole in the chpass utility. Fix: warnx?/errx? paranoia (use "%s" not a bare string unless it is a constant). These are not security holes but it is worth fixing them anyway both for robustness and so folks looking for examples in the tree are not misled into doing something potentially dangerous. Furthermore, it is a bad idea to assume that pathnames will not include '%' in them and that error routines don't return strings with '%' in them (especially in light of the possibility of locales). --- src/lib/libutil/passwd.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/libutil/passwd.c b/src/lib/libutil/passwd.c index 456f878c..387febf1 100644 --- a/src/lib/libutil/passwd.c +++ b/src/lib/libutil/passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: passwd.c,v 1.20 1998/11/16 07:10:32 deraadt Exp $ */ +/* $OpenBSD: passwd.c,v 1.20.6.1 2000/10/04 00:44:22 jason Exp $ */ /* * Copyright (c) 1987, 1993, 1994, 1995 @@ -34,7 +34,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: passwd.c,v 1.20 1998/11/16 07:10:32 deraadt Exp $"; +static char rcsid[] = "$OpenBSD: passwd.c,v 1.20.6.1 2000/10/04 00:44:22 jason Exp $"; #endif /* LIBC_SCCS and not lint */ #include @@ -579,7 +579,7 @@ pw_error(name, err, eval) char *master = pw_file(_PATH_MASTERPASSWD); if (err) - warn(name); + warn("%s", name); if (master) warnx("%s: unchanged", master); pw_abort();