newusers error adding more than one user

Bug #1266675 reported by Mariusz Cegiełka on 2014-01-07
This bug affects 16 people
Affects: Debian. Status: New. Importance: Undecided. Assigned to: Unassigned.
Affects: Ubuntu. Importance: Undecided. Assigned to: Unassigned.

Bug Description

1)
mcegielka@ftp-geodezja:~$ lsb_release -rd
Description: Ubuntu 13.10
Release: 13.10

2)
mcegielka@ftp-geodezja:~$ sudo apt-cache policy passwd
passwd:
  Installed: 1:4.1.5.1-1ubuntu6
  Candidate: 1:4.1.5.1-1ubuntu6

3)
Expected: add system users from file given as argument:

mcegielka@ftp-geodezja:~$ cat testusers.txt
test1:aaaaaaaaaaaaa:::test user 1,,,:/home/test1:/bin/bash
test2:bbbbbbbbbbbbb:::test user 2,,,:/home/test2:/bin/bash

4)
Instead: errors:

mcegielka@ftp-geodezja:~$ sudo newusers testusers.txt
*** Error in `newusers': free(): invalid next size (fast): 0x09319cd0 ***
*** Error in `newusers': malloc(): memory corruption: 0x09319d00 ***

ProblemType: Bug
DistroRelease: Ubuntu 13.10
Package: passwd 1:4.1.5.1-1ubuntu6
ProcVersionSignature: Ubuntu 3.11.0-15.23-generic 3.11.10
Uname: Linux 3.11.0-15-generic i686
ApportVersion: 2.12.5-0ubuntu2.2
Architecture: i386
Date: Tue Jan 7 09:04:11 2014
InstallationDate: Installed on 2014-01-07 (0 days ago)
InstallationMedia: Ubuntu-Server 13.10 "Saucy Salamander" - Release i386 (20131016)
MarkForUpload: True
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=pl_PL.UTF-8
 SHELL=/bin/bash
SourcePackage: shadow
UpgradeStatus: No upgrade log present (probably fresh install)

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in shadow (Ubuntu):
status: New → Confirmed
.cobnet (mattias-campe) wrote :

I got the same problem as Mariusz, but on Lubuntu 13.10 instead of Ubuntu 13.10:

sudo newusers users.csv
*** Error in `newusers': free(): invalid next size (fast): 0x08e5f068 ***
*** Error in `newusers': malloc(): memory corruption: 0x08e5f098 ***

Doug Blank (doug-blank) wrote :

Same problem in 14.04.

steve.rueg (steve-rueg) wrote :

I would also like to use the newusers script.
Ubuntu 14.04.1

bcag2 (bcag2) wrote :

I have the same problem. First, I did a small test with a few users (about 2 to update and one to add) and it worked, but when I wanted to push the whole list of my job users (20 lines, with the first 5 already registered), I got this error.

Ubuntu Trusty server 14.04.2 - Linux 3.13.0-49-generic x86_64 x86_64 x86_64 GNU/Linux

bcag2 (bcag2) wrote :

When I add 2 new users, it works. If more, it returns this error.
Perhaps it is important to note that samba is installed and ...
"no talloc stackframe at ../source3/param/loadparm.c:4864, leaking memory" is returned too... another bug reported too!

Tobias Verbeke (tobias-verbeke) wrote :

(still) present on Ubuntu 14.04.3 LTS

Still present on 16.04

SerP (serp2002) wrote :

I backported 1:4.2-3.1ubuntu5 from xenial to trusty, and the problem was resolved.

haozi (haozi008) wrote :

I met this error too. Does anyone know where to get the patch?

Teddy Thomas (tjthomas292) wrote :

I believe this may be related to Debian Bug #756630, which has already been fixed upstream (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630). Can anyone confirm?

information type: Public → Public Security
information type: Public Security → Public
tags: added: trusty xenial
Seth Arnold (seth-arnold) wrote :

Use CVE-2017-12424.

information type: Public → Public Security
Changed in shadow (Debian):
status: Unknown → Fix Released

I can confirm this bug is still present in 16.04.3

single line import fine, multiple not

Ray (lucenzeo00) on 2018-03-30
affects: shadow (Ubuntu) → ubuntu
Changed in ubuntu:
assignee: nobody → Ray (lucenzeo00)
status: Confirmed → Fix Committed
affects: shadow (Debian) → debian
Changed in debian:
importance: Unknown → Undecided
status: Fix Released → New
assignee: nobody → Ray (lucenzeo00)
Changed in ubuntu:
assignee: Ray (lucenzeo00) → nobody
Ray (lucenzeo00) on 2018-03-30
Changed in debian:
assignee: Ray (lucenzeo00) → nobody
This report contains Public Security information
Everyone can see this security related information.
