public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug nss/30626] New: Empty passwd service line causes getpwuid() to crash (SEGV)
@ 2023-07-11 4:16 gjduck at gmail dot com
0 siblings, 0 replies; only message in thread
From: gjduck at gmail dot com @ 2023-07-11 4:16 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30626
Bug ID: 30626
Summary: Empty passwd service line causes getpwuid() to crash
(SEGV)
Product: glibc
Version: 2.37
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: nss
Assignee: unassigned at sourceware dot org
Reporter: gjduck at gmail dot com
Target Milestone: ---
Created attachment 14960
--> https://sourceware.org/bugzilla/attachment.cgi?id=14960&action=edit
getpwuid.c
Configuring "passwd" with an empty service line seems to cause getpwuid() to
crash:
__nss_configure_lookup("passwd", "");
struct passwd *pw = getpwuid(uid); // <---- SEGV
See the attached PoC, tested with glibc-2.37 (latest dev head) on Ubuntu 23.04.
The steps to reproduce:
$ gcc -o getpwuid getpwuid.c
$ ./getpwuid
Segmentation fault
The same bug also can be induced by udpating "passwd" in /etc/nsswitch.conf
with an empty service line:
# /etc/nsswitch.conf
...
passwd:
However, testing using this method risks bricking your system.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2023-07-11 4:16 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-07-11 4:16 [Bug nss/30626] New: Empty passwd service line causes getpwuid() to crash (SEGV) gjduck at gmail dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).