https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211195
rday <r...@ryanday.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |r...@ryanday.net
--- Comment #3 from rday <r...@ryanday.net> ---
Created attachment 172760
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=172760&action=edit
Patch for 211195
The crash occurs in the rm_r() function, however the core dump issue looks a
little more subtle than not having a home directory. For example, the commands
# pw user add someuser -g somegroup -d "/home/someuser" -s "/usr/sbin/nologin"
# pw user del someuser -r
Won't core dump. /home/someuser doesn't exist, and the problematic code never
runs.
In your example the home directory was "/dev/null", which *does* exist even
though -m wasn't specified. The program uses openat(2) with the O_DIRECTORY
flag to open "/dev/null" which is not a directory. openat() returns an
unchecked error, and the program crashes when it tries to open the invalid
descriptor.
I was able to reproduce this in the master branch on the Github repo. I
attached a patch for the rm_r() function to check the return value of openat().
It looks like openat()'s return value isn't checked in a couple other locations
in the code as well. Those code paths may not be accessible though.
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebsd-bugs@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
