Mailing List Archive

From:: Todd C. Miller <millert@openbsd.org>
Subject:: Re: usermod: fix use after free
To:: Matthew Martin <phy1729@gmail.com>
Cc:: tech@openbsd.org
Date:: Wed, 26 Feb 2025 18:33:08 -0700

Download raw body.

Thread

2025-02-26 23:10 Matthew Martin:
usermod: fix use after free
- 2025-02-27 01:33 Todd C. Miller:
  usermod: fix use after free

On Wed, 26 Feb 2025 17:10:33 -0600, Matthew Martin wrote:

> pwp->pw_shell may be backed by the same allocation as shell_tmp (cf.
> lines 1560 and 1604), so the free needs to happen after the syslog calls
> which use pwp->pw_shell.

Yes, you are correct.  Committed, thanks!

 - todd

2025-02-26 23:10 Matthew Martin:
usermod: fix use after free
- 2025-02-27 01:33 Todd C. Miller:
  usermod: fix use after free