[quagga-dev,15997] vtysh: Fix, guard against NULL pointer dereference

Message ID 1470093278-12518-1-git-send-email-jafar@atcorp.com
State Under Review

Commit Message

Jafar Al-Gharaibeh Aug. 1, 2016, 11:14 p.m.
getpwuid() may fail returning a null value leaving subsequent
code vulnerable to a null pointer dereference.

Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
 vtysh/vtysh_user.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)


cisystem@netdef.org Aug. 2, 2016, 12:20 a.m. | #1
Continuous Integration Result: SUCCESSFUL

Congratulations, this patch passed basic tests

Tested-by: NetDEF CI System <cisystem@netdef.org>

This is an EXPERIMENTAL automated CI system.
For questions and feedback, feel free to email
Martin Winter <mwinter@opensourcerouting.org>.

Patches applied :
  Patchwork 2032: http://patchwork.quagga.net/patch/2032
       [quagga-dev,15997] vtysh: Fix, guard against NULL pointer dereference
Tested on top of Git : 5f67888 (as of 20160429.234845 UTC)
CI System Testrun URL: https://ci1.netdef.org/browse/QUAGGA-QPWORK-347/

  NetDEF/OpenSourceRouting Continuous Integration (CI) System

OpenSourceRouting.org is a project of the Network Device Education Foundation,
For more information, see www.netdef.org and www.opensourcerouting.org
For questions in regards to this CI System, contact Martin Winter, mwinter@netdef.org

Patch

diff --git a/vtysh/vtysh_user.c b/vtysh/vtysh_user.c
index 239a633..0955edc 100644
--- a/vtysh/vtysh_user.c
+++ b/vtysh/vtysh_user.c
@@ -176,7 +176,11 @@  vtysh_auth (void)
   struct vtysh_user *user;
   struct passwd *passwd;
-  passwd = getpwuid (geteuid ());
+  if ((passwd = getpwuid (geteuid ())) == NULL)
+  {
+    fprintf (stderr, "could not lookup user ID %d\n", (int) geteuid());
+    exit (1);
+  }
   user = user_lookup (passwd->pw_name);
   if (user && user->nopassword)
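
Review bot: the added `fprintf` in the NULL branch prints only the numeric UID, so the reader of the message cannot tell a missing passwd entry from a failed lookup. getpwuid() sets errno on error and leaves it unchanged when no entry matches, so setting `errno = 0` before the call and appending `strerror (errno)` when it is non-zero would separate the two cases. In the same line, `(int) geteuid()` with `%d` will print large UIDs as negative numbers on systems where uid_t is unsigned; `%lu` with an `(unsigned long)` cast avoids that. Style: `geteuid()` there lacks the space before the parenthesis that the rest of the hunk uses (`geteuid ()`), and calling geteuid once into a local would avoid repeating it in the message.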