Created attachment 34487
Fix for bad return check on getpwnam_r

In pkexec.c, user information is looked up using getpwnam_r. The program checks if the return code is not zero, which would indicate an error, and terminates if so. However, if no error occurs and the user is not found in the password database, this function returns 0 and sets the result passwd struct to NULL (http://www.unix.com/man-page/Linux/3/getpwnam_r/), but this is not checked. As a result, when pwd is dereferenced later in the code, the program segfaults.

Confirm using: pkexec --user doesnotexist /bin/ls

The attached patch includes an additional check that pwd is not NULL to prevent this crash.
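The return-value handling described in the report above, as an added example that is not part of the report, the attached patch, or pkexec.c. The helper `lookup_uid` and the `lookup_status` enum are hypothetical names; the block also retries on ERANGE, which the report does not discuss.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

enum lookup_status { USER_FOUND, USER_NOT_FOUND, USER_LOOKUP_ERROR };

/* Hypothetical helper, not taken from pkexec.c: resolve a user name to a uid,
 * keeping "lookup failed" and "no such user" apart. */
static enum lookup_status lookup_uid(const char *name, uid_t *uid_out)
{
    struct passwd entry, *pwd = NULL;
    size_t buflen = 1024;
    char *buf = NULL;
    enum lookup_status st;
    int rc;

    do {
        char *tmp = realloc(buf, buflen);
        if (tmp == NULL) { free(buf); return USER_LOOKUP_ERROR; }
        buf = tmp;
        rc = getpwnam_r(name, &entry, buf, buflen, &pwd);
        buflen *= 2;              /* ERANGE: scratch buffer too small, retry */
    } while (rc == ERANGE && buflen <= (1u << 20));

    if (rc != 0)
        st = USER_LOOKUP_ERROR;   /* the case the report says was already checked */
    else if (pwd == NULL)
        st = USER_NOT_FOUND;      /* rc == 0 with a NULL result: no such user */
    else {
        *uid_out = pwd->pw_uid;   /* pwd is only dereferenced on this branch */
        st = USER_FOUND;
    }
    free(buf);
    return st;
}

int main(int argc, char **argv)
{
    const char *name = argc > 1 ? argv[1] : "doesnotexist";
    uid_t uid = 0;

    switch (lookup_uid(name, &uid)) {
    case USER_FOUND:     printf("%s: uid %lu\n", name, (unsigned long)uid); return 0;
    case USER_NOT_FOUND: fprintf(stderr, "user `%s' does not exist\n", name); return 1;
    default:             fprintf(stderr, "lookup of `%s' failed\n", name); return 2;
    }
}
```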
I think this was fixed with this commit http://cgit.freedesktop.org/PolicyKit/commit/?id=2a91f171e23a90aa837bdafe9bb4b3a66fddbb39
(In reply to comment #1)
> I think this was fixed with this commit
>
> http://cgit.freedesktop.org/PolicyKit/commit/?id=2a91f171e23a90aa837bdafe9bb4b3a66fddbb39

Yep, sorry for the repeat.