[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Sat, 23 Oct 2004 15:57:09 -0400 (EDT)
> addauth with numeric IDs that are not in passwd/group/shadow should
> still work for root. Does it?
> For some value of works, yes. ids will segfault if you try to list
> effective/active ids in idvec-rep.c:loopkup_uid() since we try to
> access memory at NULL (line 133).
That means addauth is fine, and ids has a bug.
> The idvec-verify.c functions still shouldn't cause a segfault, the
> same applies to idvec-rep.c and any other case that doesn't check what
> get*_r() returns.
> Maybe just fixing get*_r() to set a return value of != 0 if the
> structure it returns is NULL would be a better fix. What do you
No, that breaks the interface they have. There is nothing wrong with their