From: zhuk Date: Mon, 18 Jul 2016 16:46:30 +0000 (+0000) Subject: The string with path to shell could be taken directly from struct passwd. X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=ff37429cbb768e4b590baee210183e74324d4ffd;p=openbsd The string with path to shell could be taken directly from struct passwd. At some point later the data it points to is overridden by getpwuid() call, resulting in garbage. The problem could be easily demonstreated by double doas call: $ doas doas -su _sndio doas: mpty: command not found The fix is easy: just strdup() the pw_shell field value. okay tedu@, tweaks from & okay natano@ --- diff --git a/usr.bin/doas/doas.c b/usr.bin/doas/doas.c index 606d1b1506a..b17c8f13c8a 100644 --- a/usr.bin/doas/doas.c +++ b/usr.bin/doas/doas.c @@ -1,4 +1,4 @@ -/* $OpenBSD: doas.c,v 1.59 2016/07/12 12:10:42 semarie Exp $ */ +/* $OpenBSD: doas.c,v 1.60 2016/07/18 16:46:30 zhuk Exp $ */ /* * Copyright (c) 2015 Ted Unangst * @@ -281,9 +281,11 @@ main(int argc, char **argv) if (sflag) { sh = getenv("SHELL"); - if (sh == NULL || *sh == '\0') - shargv[0] = pw->pw_shell; - else + if (sh == NULL || *sh == '\0') { + shargv[0] = strdup(pw->pw_shell); + if (shargv[0] == NULL) + err(1, NULL); + } else shargv[0] = sh; argv = shargv; argc = 1;