Ubuntu

newusers error adding more than one user

Bug #1266675 reported by Mariusz Cegiełka on 2014-01-07

330

This bug affects 16 people

Affects		Status	Importance	Assigned to	Milestone
	Debian	New	Undecided	Unassigned
	Ubuntu	Fix Committed	Undecided	Unassigned

Bug Description

1)
mcegielka@ftp-geodezja:~$ lsb_release -rd
Description: Ubuntu 13.10
Release: 13.10

2)
mcegielka@ftp-geodezja:~$ sudo apt-cache policy passwd
passwd:
Installed: 1:4.1.5.1-1ubuntu6
Candidate: 1:4.1.5.1-1ubuntu6

3)
Expected: add system users from file given as argument:

mcegielka@ftp-geodezja:~$ cat testusers.txt
test1:aaaaaaaaaaaaa:::test user 1,,,:/home/test1:/bin/bash
test2:bbbbbbbbbbbbb:::test user 2,,,:/home/test2:/bin/bash

4)
Instead: errors:

mcegielka@ftp-geodezja:~$ sudo newusers testusers.txt
*** Error in `newusers': free(): invalid next size (fast): 0x09319cd0 ***
*** Error in `newusers': malloc(): memory corruption: 0x09319d00 ***

ProblemType: Bug
DistroRelease: Ubuntu 13.10
Package: passwd 1:4.1.5.1-1ubuntu6
ProcVersionSignature: Ubuntu 3.11.0-15.23-generic 3.11.10
Uname: Linux 3.11.0-15-generic i686
ApportVersion: 2.12.5-0ubuntu2.2
Architecture: i386
Date: Tue Jan 7 09:04:11 2014
InstallationDate: Installed on 2014-01-07 (0 days ago)
InstallationMedia: Ubuntu-Server 13.10 "Saucy Salamander" - Release i386 (20131016)
MarkForUpload: True
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=pl_PL.UTF-8
SHELL=/bin/bash
SourcePackage: shadow
UpgradeStatus: No upgrade log present (probably fresh install)

Tags:

Revision history for this message

Mariusz Cegiełka (mariusz-6) wrote on 2014-01-07:

Dependencies.txt Edit (891 bytes, text/plain; charset="utf-8")
LoginDefs.txt Edit (10.3 KiB, text/plain; charset="utf-8")

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-02-12:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in shadow (Ubuntu):
status:	New → Confirmed

Revision history for this message

.cobnet (mattias-campe) wrote on 2014-02-12:

I got the same problem as Mariusz, but on Lubuntu 13.10 instead of Ubuntu 13.10:

sudo newusers users.csv
*** Error in `newusers': free(): invalid next size (fast): 0x08e5f068 ***
*** Error in `newusers': malloc(): memory corruption: 0x08e5f098 ***

Revision history for this message

Doug Blank (doug-blank) wrote on 2014-09-02:

Same problem in 14.04.

Revision history for this message

steve.rueg (steve-rueg) wrote on 2014-12-02:

I would also like to use newusers script.
Ubuntu 14.04.1

Revision history for this message

bcag2 (bcag2) wrote on 2015-04-28:

I have the same problem. First, I did a small test with few users (about 2 to update and one to added) and it worked, but when I would like to push all the list of my job users (20 lines with 5 first one already registered), I have this error.

Ubuntu Trusty server 14.04.2 - Linux 3.13.0-49-generic x86_64 x86_64 x86_64 GNU/Linux

Revision history for this message

bcag2 (bcag2) wrote on 2015-04-28:

When add 2 new users, it works. If more, it return this error.
Perhaps It is important to note that samba is installed and ...
"no talloc stackframe at ../source3/param/loadparm.c:4864, leaking memory" is returned too... an other bug reported too !

Revision history for this message

Tobias Verbeke (tobias-verbeke) wrote on 2015-10-12:

(still) present on Ubuntu 14.04.3 LTS

Revision history for this message

William Van Hevelingen (blkperl) wrote on 2016-09-15:

Still present on 16.04

Revision history for this message

SerP (serp2002) wrote on 2017-02-17:

#10

I backport 1:4.2-3.1ubuntu5 from xenial to trusty, and problem was resolved.

Revision history for this message

haozi (haozi008) wrote on 2017-05-22:

#11

i met this error too.anyone know where to get the patch???

Revision history for this message

Teddy Thomas (tthoma24) wrote on 2017-08-02:

#12

I believe this may be related to Debian Bug #756630, which has already been fixed upstream (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630). Can anyone confirm?

information type:

Public → Public Security

Teddy Thomas (tthoma24) on 2017-08-02

information type:

Public Security → Public

Teddy Thomas (tthoma24) on 2017-08-03

tags:

added: trusty xenial

Revision history for this message

Seth Arnold (seth-arnold) wrote on 2017-08-04:

#13

Use CVE-2017-12424.

information type:

Public → Public Security

Bug Watch Updater (bug-watch-updater) on 2017-09-30

Changed in shadow (Debian):
status:	Unknown → Fix Released

Revision history for this message

Anthony Somerset (anthonysomerset) wrote on 2018-01-04:

#14

I can confirm this bug is still present in 16.04.3

single line import fine, multiple not

Ray (lucenzeo00) on 2018-03-30

affects:	shadow (Ubuntu) → ubuntu
Changed in ubuntu:
assignee:	nobody → Ray (lucenzeo00)
status:	Confirmed → Fix Committed
affects:	shadow (Debian) → debian
Changed in debian:
importance:	Unknown → Undecided
status:	Fix Released → New
assignee:	nobody → Ray (lucenzeo00)
Changed in ubuntu:
assignee:	Ray (lucenzeo00) → nobody

Ray (lucenzeo00) on 2018-03-30

Changed in debian:
assignee:	Ray (lucenzeo00) → nobody

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

debbugs #756630
[done normal patch upstream security fixed-upstream] Edit

Bug watches keep track of this bug in other bug trackers.