netbsd-bugs: Re: bin/416: passwd -y as root, core dumps

Subject: Re: bin/416: passwd -y as root, core dumps
To: None <netbsd-bugs@sun-lamp.cs.berkeley.edu>
From: John Brezak <brezak@apollo.hp.com>
List: netbsd-bugs
Date: 08/16/1994 17:38:40
Since I can't seem to reach sun-lamp... Can someone apply this patch.

*** src/usr.bin/passwd/yp_passwd.c      Fri Jan 14 05:25:21 1994
--- ./yp_passwd.c       Tue Aug 16 17:34:57 1994
***************
*** 191,197 ****
  
        (void)printf("Changing YP password for %s.\n", pw->pw_name);
  
!       if (uid && old_pass) {
                *old_pass = NULL;
  
                if (pw->pw_passwd &&
--- 191,197 ----
  
        (void)printf("Changing YP password for %s.\n", pw->pw_name);
  
!       if (old_pass) {
                *old_pass = NULL;
  
                if (pw->pw_passwd &&

> 
> >Number:         416
> >Category:       bin
> >Synopsis:       passwd -y as root core dumps, no old password sent to rpc
> >Confidential:   no
> >Severity:       non-critical
> >Priority:       medium
> >Responsible:    gnats-admin (Utility Bug People)
> >State:          open
> >Class:          sw-bug
> >Submitter-Id:   net
> >Arrival-Date:   Tue Aug 16 12:05:03 1994
> >Originator:     Mats O Jansson
> >Organization:
> CelsiusTech Systems AB, Jaerfaella, Sweden
> >Release:        NetBSD 1.0_BETA and at least since NetBSD-Current 94-APR-24.
> >Environment:
> Running as root on at least i386 and Sparc.
> System: NetBSD sunny.celsiustech.se 1.0_BETA NetBSD 1.0_BETA (SPARC) #1: Mon 
Aug 8 23:40:30 MET DST 1994 ppan@sunny.celsiustech.se:/usr/src/sys/arch/sparc/c
ompile/SPARC sparc
> 
> 
> >Description:
> If root tries to change password on a user with the help NIS,
>                passwd will core dump. This is because the code woun't ask
>                root for the users old password. And later the xdr routine
>                will have a NULL pointer and that seems to cause the core
>                dump.
> 
> >How-To-Repeat:Login as root on a NIS-client and try one of the following
>                commands:
> 
>                sunny# passwd nonlocal
>                Changing YP password for nonlocal.
>                New password:
>                Retype new password:
>                Segmentation fault (core dumped)
> 
>                or
> 
>                sunny# passwd -y local
>                Changing YP password for local.
>                New password:
>                Retype new password:
>                Segmentation fault (core dumped)
> 
> >How-To-Repeat:
> >Fix:
> Always ask for users old password when changing password
>                through NIS. root on a client isn't neccesary root on the
>                NIS server.
> 
> >Audit-Trail:
> >Unformatted:
> 


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 John Brezak                    UUCP:     uunet!apollo.hp!brezak
 Hewlett Packard/Apollo         Internet: brezak@ch.hp.com
 300 Apollo Drive               Phone:    (508) 436-4915
 Chelmsford, Massachusetts      Fax:      (508) 436-5122



------------------------------------------------------------------------------