From ff37429cbb768e4b590baee210183e74324d4ffd Mon Sep 17 00:00:00 2001 From: zhuk Date: Mon, 18 Jul 2016 16:46:30 +0000 Subject: [PATCH] The string with path to shell could be taken directly from struct passwd. At some point later the data it points to is overridden by getpwuid() call, resulting in garbage. The problem could be easily demonstreated by double doas call: $ doas doas -su _sndio doas: mpty: command not found The fix is easy: just strdup() the pw_shell field value. okay tedu@, tweaks from & okay natano@ --- usr.bin/doas/doas.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/usr.bin/doas/doas.c b/usr.bin/doas/doas.c index 606d1b1506a..b17c8f13c8a 100644 --- a/usr.bin/doas/doas.c +++ b/usr.bin/doas/doas.c @@ -1,4 +1,4 @@ -/* $OpenBSD: doas.c,v 1.59 2016/07/12 12:10:42 semarie Exp $ */ +/* $OpenBSD: doas.c,v 1.60 2016/07/18 16:46:30 zhuk Exp $ */ /* * Copyright (c) 2015 Ted Unangst * @@ -281,9 +281,11 @@ main(int argc, char **argv) if (sflag) { sh = getenv("SHELL"); - if (sh == NULL || *sh == '\0') - shargv[0] = pw->pw_shell; - else + if (sh == NULL || *sh == '\0') { + shargv[0] = strdup(pw->pw_shell); + if (shargv[0] == NULL) + err(1, NULL); + } else shargv[0] = sh; argv = shargv; argc = 1; -- 2.20.1