From 040ba77d44517335282cc41b0b5ddfe281289cfd Mon Sep 17 00:00:00 2001 From: Andreas Kling Date: Sat, 4 Apr 2020 19:29:30 +0200 Subject: [PATCH] Userland: Fix null-pointer deref on unknown user/group in chown/chgrp We can't just blindly dereference the result of getpwnam()/getgrnam()! Fixes #1625. --- Userland/chgrp.cpp | 8 ++++---- Userland/chown.cpp | 14 +++++++------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/Userland/chgrp.cpp b/Userland/chgrp.cpp index db9ddefb01..e33ed746b9 100644 --- a/Userland/chgrp.cpp +++ b/Userland/chgrp.cpp @@ -56,12 +56,12 @@ int main(int argc, char** argv) new_gid = gid_arg.to_uint(ok); if (!ok) { - new_gid = getgrnam(gid_arg.characters())->gr_gid; - - if(!new_gid) { - fprintf(stderr, "Invalid gid: '%s'\n", gid_arg.characters()); + auto* group = getgrnam(gid_arg.characters()); + if (!group) { + fprintf(stderr, "Unknown group '%s'\n", gid_arg.characters()); return 1; } + new_gid = group->gr_gid; } int rc = chown(argv[2], -1, new_gid); diff --git a/Userland/chown.cpp b/Userland/chown.cpp index 54202c2f72..a7ea33dbc5 100644 --- a/Userland/chown.cpp +++ b/Userland/chown.cpp @@ -57,23 +57,23 @@ int main(int argc, char** argv) bool ok; new_uid = parts[0].to_uint(ok); if (!ok) { - new_uid = getpwnam(parts[0].characters())->pw_uid; - - if (!new_uid) { - fprintf(stderr, "Invalid uid: '%s'\n", parts[0].characters()); + auto* passwd = getpwnam(parts[0].characters()); + if (!passwd) { + fprintf(stderr, "Unknown user '%s'\n", parts[0].characters()); return 1; } + new_uid = passwd->pw_uid; } if (parts.size() == 2) { new_gid = parts[1].to_uint(ok); if (!ok) { - new_gid = getgrnam(parts[1].characters())->gr_gid; - + auto* group = getgrnam(parts[1].characters()); if (!new_gid) { - fprintf(stderr, "Invalid gid: '%s'\n", parts[1].characters()); + fprintf(stderr, "Unknown group '%s'\n", parts[1].characters()); return 1; } + new_gid = group->gr_gid; } }