* lib/commonio.c (next_entry_by_name): New function.

 * NEWS, lib/commonio.c (commonio_update): When an entry is updated, make
   sure that there are no other entry with the same name. This fixes
   an infinite loop in userdel and usermod when an (erroneous) group
   file contains two entries with the same name.
   (https://bugzilla.redhat.com/show_bug.cgi?id=240915)

diff --git a/ChangeLog b/ChangeLog
index af004395a3e6fa5a1be2b4113fcd6947c57fc8a0..4e9943adb0d9f6db3112137961bd8ceea6027683 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2007-11-16  Nicolas François  <nicolas.francois@centraliens.net>
+
+       * lib/commonio.c (next_entry_by_name): New function.
+       * NEWS, lib/commonio.c (commonio_update): When an entry is updated, make
+       sure that there are no other entry with the same name. This fixes
+       an infinite loop in userdel and usermod when an (erroneous) group
+       file contains two entries with the same name.
+       (https://bugzilla.redhat.com/show_bug.cgi?id=240915)
+
 2007-11-16  Nicolas François  <nicolas.francois@centraliens.net>
 
        * libmisc/salt.c: Make sure the salt string is terminated at the

diff --git a/NEWS b/NEWS
index 5d0fa96b3723f3a9c162be59022e0346e60dd49d..b5778f264f9cb724a2bbfa88f5eecb66d2447fdf 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -21,6 +21,10 @@ shadow-4.0.18.1 -> shadow-4.0.18.2                                   UNRELEASED
   (i.e. lookup in the local database for an user with an @). Thanks to
   Mike Frysinger for the patch.
 - Add support for uClibc with no l64a().
+- userdel/usermod: Fix infinite loop caused by erroneous group file
+  containing two entries with the same name. (The fix strategy differs
+  from 
+  (https://bugzilla.redhat.com/show_bug.cgi?id=240915)
 
 shadow-4.0.18.1 -> shadow-4.0.18.2                                     28-10-2007
 

diff --git a/lib/commonio.c b/lib/commonio.c
index b0989f94aa993c73f7a250f7bd0aa82a17f71e98..036d232dffa5ec6534ed37365049a456605859ea 100644 (file)
--- a/lib/commonio.c
+++ b/lib/commonio.c
@@ -35,6 +35,9 @@ static int name_is_nis (const char *);
 static int write_all (const struct commonio_db *);
 static struct commonio_entry *find_entry_by_name (struct commonio_db *,
                                                  const char *);
+static struct commonio_entry *next_entry_by_name (struct commonio_db *,
+                                                  struct commonio_entry *pos,
+                                                  const char *);
 
 static int lock_count = 0;
 static int nscd_need_reload = 0;
@@ -761,14 +764,17 @@ int commonio_close (struct commonio_db *db)
        return errors == 0;
 }
 
-
-static struct commonio_entry *find_entry_by_name (struct commonio_db *db,
-                                                 const char *name)
+static struct commonio_entry *next_entry_by_name (struct commonio_db *db,
+                                                  struct commonio_entry *pos,
+                                                  const char *name)
 {
        struct commonio_entry *p;
        void *ep;
 
-       for (p = db->head; p; p = p->next) {
+       if (NULL == pos)
+               return NULL;
+
+       for (p = pos; p; p = p->next) {
                ep = p->eptr;
                if (ep && strcmp (db->ops->getname (ep), name) == 0)
                        break;
@@ -776,6 +782,12 @@ static struct commonio_entry *find_entry_by_name (struct commonio_db *db,
        return p;
 }
 
+static struct commonio_entry *find_entry_by_name (struct commonio_db *db,
+                                                 const char *name)
+{
+       return next_entry_by_name(db, db->head, name);
+}
+
 
 int commonio_update (struct commonio_db *db, const void *eptr)
 {
@@ -792,6 +804,11 @@ int commonio_update (struct commonio_db *db, const void *eptr)
        }
        p = find_entry_by_name (db, db->ops->getname (eptr));
        if (p) {
+               if (next_entry_by_name (db, p->next, db->ops->getname (eptr)))
+               {
+                       fprintf (stderr, _("Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"), db->ops->getname (eptr), db->filename);
+                       return 0;
+               }
                db->ops->free (p->eptr);
                p->eptr = nentry;
                p->changed = 1;