>> @@ -662,7 +686,11 @@ int main(int argc, char **argv)
>> if (opts.have_ruid)
>> errx(EXIT_FAILURE, _("duplicate ruid"));
>> opts.have_ruid = 1;
>> - opts.ruid = get_user(optarg, _("failed to parse ruid"));
>> + pw = get_passwd(optarg, &opts.ruid, _("failed to parse ruid"));
>> + if (pw) {
>> + memcpy(&opts.passwd, pw, sizeof(opts.passwd));
>
> This looks somewhat fragile. E.g. with
> setpriv --ruid foo --euid bar ...
> second call to getpw{nam,id} can overwrite/free memory pointed by opts.passwd.pw_name
You're right, a deep copy should be performed. I've fixed this.
--
To unsubscribe from this list: send the line "unsubscribe util-linux" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
