Ubuntu
adduser package

Format string bug in deluser

Bug #781907 reported by Emanuel Bronshtein
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
adduser (Ubuntu)
New
Undecided
Unassigned

Bug Description

Binary package hint: adduser

/usr/sbin/deluser have format string bug .

test case :
root@emanuel-desktop:/tmp# mkdir %999999999999999s
root@emanuel-desktop:/tmp# /tmp/%999999999999999s/../../usr/sbin/deluser Bug
Integer overflow in format string for prtf at /tmp/%999999999999999s/../../usr/sbin/deluser line 469.

The bug can be found at :
sub fail {
  my ($errorcode, $format, @args) = @_;
  printf STDERR "$0: $format",@args;
  exit $errorcode;
}

fix can be :
printf STDERR "%s: $format",$0,@args;

also same function exist in adduser script .

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.