Subject: bin/120: "su -" buglet when empty "shell" field in passwd
To: None <gnats-admin>
From: Havard Eidnes <Havard.Eidnes@runit.sintef.no>
List: netbsd-bugs
Date: 02/11/1994 11:20:02
>Number: 120
>Category: bin
>Synopsis: "su -" dumps core if the shell field in /etc/passwd is empty
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: gnats-admin (Utility Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Feb 11 11:20:02 1994
>Originator: Havard Eidnes
>Organization:
" SINTEF RUNIT"
>Release: NetBSD-current
>Environment:
i386, NetBSD-current
System: NetBSD rype.runit.sintef.no 0.9a RYPE#35 i386
>Description:
"su -" dumps core if the shell field in /etc/passwd is empty
>How-To-Repeat:
"su - toor" with the original entry in /etc/passwd
>Fix:
See to it that avshell will be computed in every instance,
avoiding a core dump later when it is passed as an argument to
strcat(). The following diff is the cleanest fix I could think of,
offhand.
*** su.c.old Sat Jan 8 11:55:42 1994
--- su.c Fri Feb 11 20:04:56 1994
***************
*** 196,207 ****
}
! /* if we're forking a csh, we want to slightly muck the args */
! if (iscsh == UNSET) {
! if (p = rindex(shell, '/'))
! avshell = p+1;
! else
! avshell = shell;
! iscsh = strcmp(avshell, "csh") ? NO : YES;
! }
/* set permissions */
--- 196,205 ----
}
! /* we want to slightly muck the args */
! if (p = rindex(shell, '/'))
! avshell = p+1;
! else
! avshell = shell;
! iscsh = strcmp(avshell, "csh") ? NO : YES;
/* set permissions */
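Review bot: The last changed line of the new version, `iscsh = strcmp(avshell, "csh") ? NO : YES;`, now runs unconditionally, so it overwrites whatever value iscsh was given before this point, whereas the old code only computed it when `iscsh == UNSET`. If an earlier value can differ from the basename comparison, this changes behaviour beyond the crash fix. Consider computing avshell unconditionally but keeping the assignment guarded, as in `if (iscsh == UNSET) iscsh = strcmp(avshell, "csh") ? NO : YES;`. The shortened comment "we want to slightly muck the args" also no longer says why the block exists. A comment stating that avshell must always be set because it is later passed to strcat() would document the fix.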
>Audit-Trail:
>Unformatted: