FreeBSD Bugzilla – Attachment 242182 Details for
Bug 271427
FreeBSD pw command injection vulnerability
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
pw_user_c.patch
pw_user_c.patch (text/plain), 446 bytes, created by
pbuff
on 2023-05-15 06:38:13 UTC
(
hide
)
Description:
pw_user_c.patch
Filename:
MIME Type:
Creator:
pbuff
Created:
2023-05-15 06:38:13 UTC
Size:
446 bytes
patch
obsolete
>--- a/usr.sbin/pw/pw_user.c 2023-05-15 22:31:32.056520000 +0800 >+++ b/usr.sbin/pw/pw_user.c 2023-05-15 22:33:10.487557000 +0800 >@@ -635,7 +635,7 @@ > showtype = "gecos field"; > } else { > /* See if the name is valid as a userid or group. */ >- badchars = " ,\t:+&#%$^()!@~*?<>=|\\/\""; >+ badchars = " ,\t:+&#%$^()!@~*?<>=|\\/\";"; > showtype = "userid/group name"; > /* Userids and groups can not have a leading '-'. */ > if (*ch == '-') >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=242182">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 271427
:
242180
| 242182 |
242204