Release 4.13

Signed-off-by: Serge Hallyn <serge@hallyn.com>

.github/workflows/static-code-analysis.yml

@@ -36,3 +36,25 @@ jobs:
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v2
+
+  differential-shellcheck:
+    if: github.event_name == 'pull_request'
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      security-events: write
+      pull-requests: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      # Doc: https://github.com/redhat-plumbers-in-action/differential-shellcheck#usage
+      - name: Differential ShellCheck
+        uses: redhat-plumbers-in-action/differential-shellcheck@v3
+        with:
+          severity: warning
+          token: ${{ secrets.GITHUB_TOKEN }}

ChangeLog

@@ -1,3 +1,32 @@
+2022-11-08  Serge Hallyn <serge@hallyn.com>
+
+	* useradd.8: fix default group ID (Tim Biermann)
+	* Revert drop of subid_init() (Serge Hallyn)
+	* Georgian translation (NorwayFun)
+	* useradd: Avoid taking unneeded space: do not reset non-existent data
+	  in lastlog (David Kalnischkies)
+	* relax username restrictions (Alexander Kanavin)
+	* selinux: check MLS enabled before setting serange (genBTC)
+	* copy_tree: use fchmodat instead of chmod (Samanta Navarro)
+	* copy_tree: don't block on FIFOs (Samanta Navarro)
+	* add shell linter (Jan Macku)
+	* copy_tree: carefully treat permissions (Samanta Navarro)
+	* lib/commonio: make lock failures more detailed (Luca BRUNO)
+	* lib: use strzero and memzero where applicable (Christian Göttsche)
+	* Update Dutch translation (Frans Spiesschaert)
+	* Don't test for NULL before calling free (Alex Colomar)
+	* Use libc MAX() and MIN() (Alejandro Colomar)
+	* chage: Fix regression in print_date (Xiami)
+	* usermod: report error if homedir does not exist (Iker Pedrosa)
+	* libmisc: minimum id check for system accounts (Iker Pedrosa)
+	* fix usermod -rG x y wrongly adding a group (xyz)
+	* man: add missing space in useradd.8.xml (Iker Pedrosa)
+	* lastlog: check for localtime() return value (Iker Pedrosa)
+	* Raise limit for passwd and shadow entry length (Iker Pedrosa)
+	* Remove adduser-old.c (Alejandro Colomar)
+	* useradd: Fix buffer overflow when using a prefix (David Michael)
+	* Don't warn when failed to open /etc/nsswitch.conf (Serge Hallyn)
+
 2022-08-15  Serge Hallyn <serge@hallyn.com>
 
 	* Address CVE-2013-4235 (TOCTTOU when copying directories)

configure.ac

@@ -4,7 +4,7 @@ m4_define([libsubid_abi_major], 4)
 m4_define([libsubid_abi_minor], 0)
 m4_define([libsubid_abi_micro], 0)
 m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro])
-AC_INIT([shadow], [4.12.2], [pkg-shadow-devel@lists.alioth.debian.org], [],
+AC_INIT([shadow], [4.13], [pkg-shadow-devel@lists.alioth.debian.org], [],
 	[https://github.com/shadow-maint/shadow])
 AM_INIT_AUTOMAKE([1.11 foreign dist-xz])
 AC_CONFIG_MACRO_DIRS([m4])

contrib/Makefile.am

@@ -1,6 +1,6 @@
 # This is a dummy Makefile.am to get automake work flawlessly,
 # and also cooperate to make a distribution for `make dist'
 
-EXTRA_DIST = README adduser.c adduser-old.c adduser.sh adduser2.sh \
+EXTRA_DIST = README adduser.c adduser.sh adduser2.sh \
  atudel groupmems.shar pwdauth.c shadow-anonftp.patch \
  udbachk.tgz

contrib/adduser-old.c

@@ -1,300 +0,0 @@
-/****
-** 03/17/96
-** hacked a bit more, removed unused code, cleaned up for gcc -Wall.
-** --marekm
-**
-** 02/26/96
-** modified to call shadow utils (useradd,chage,passwd) on shadowed
-** systems - Cristian Gafton, gafton@sorosis.ro
-**
-** 6/27/95
-** shadow-adduser 1.4:
-**
-** now it copies the /etc/skel dir into the person's dir,
-** makes the mail folders, changed some defaults and made a 'make
-** install' just for the hell of it.
-**
-** Greg Gallagher
-** CIN.Net
-**
-** 1/28/95
-** shadow-adduser 1.3:
-**
-** Basically a bug-fix on my additions in 1.2.  Thanks to Terry Stewart
-** (stew@texas.net) for pointing out one of the many idiotic bugs I introduced.
-** It was such a stupid bug that I would have never seen it myself.
-**
-**                                Brandon
-*****
-** 01/27/95
-**
-** shadow-adduser 1.2:
-** I took the C source from adduser-shadow (credits are below) and made
-** it a little more worthwhile.  Many small changes... Here's
-** the ones I can remember:
-**
-** Removed support for non-shadowed systems (if you don't have shadow,
-**     use the original adduser, don't get this shadow version!)
-** Added support for the correct /etc/shadow fields (Min days before
-**     password change, max days before password change, Warning days,
-**     and how many days from expiry date does the account go invalid)
-**     The previous version just left all of those fields blank.
-**     There is still one field left (expiry date for the account, period)
-**     which I have left blank because I do not use it and didn't want to
-**     spend any more time on this.  I'm sure someone will put it in and
-**     tack another plethora of credits on here. :)
-** Added in the password date field, which should always reflect the last
-**     date the password was changed, for expiry purposes.  "passwd" always
-**     updates this field, so the adduser program should set it up right
-**     initially (or a user could keep thier initial password forever ;)
-**     The number is in days since Jan 1st, 1970.
-**
-**                       Have fun with it, and someone please make
-**                       a real version(this is still just a hack)
-**                       for us all to use (and Email it to me???)
-**
-**                               Brandon
-**                                  photon@usis.com
-**
-*****
-** adduser 1.0: add a new user account (For systems not using shadow)
-** With a nice little interface and a will to do all the work for you.
-**
-** Craig Hagan
-** hagan@opine.cs.umass.edu
-**
-** Modified to really work, look clean, and find unused uid by Chris Cappuccio
-** chris@slinky.cs.umass.edu
-**
-*****
-**
-** 01/19/95
-**
-** FURTHER modifications to enable shadow passwd support (kludged, but
-** no more so than the original)  by Dan Crowson - dcrowson@mo.net
-**
-** Search on DAN for all changes...
-**
-*****
-**
-** cc -O -o adduser adduser.c
-** Use gcc if you have it... (political reasons beyond my control) (chris)
-**
-** I've gotten this program to work with success under Linux (without
-** shadow) and SunOS 4.1.3. I would assume it should work pretty well
-** on any system that uses no shadow. (chris)
-**
-** If you have no crypt() then try
-** cc -DNO_CRYPT -O -o adduser adduser.c xfdes.c
-** I'm not sure how login operates with no crypt()... I guess
-** the same way we're doing it here.
-*/
-
-#include <pwd.h>
-#include <grp.h>
-#include <ctype.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <time.h>
-#include <sys/types.h>
-#include <sys/timeb.h>
-#include <sys/time.h>
-#include <sys/stat.h>
-
-#define DEFAULT_SHELL	"/bin/bash"  /* because BASH is your friend */
-#define DEFAULT_HOME	"/home"
-#define USERADD_PATH	"/usr/sbin/useradd"
-#define CHAGE_PATH	"/usr/sbin/chage"
-#define PASSWD_PATH	"/usr/bin/passwd"
-#define DEFAULT_GROUP	100
-
-#define DEFAULT_MAX_PASS 60
-#define DEFAULT_WARN_PASS 10
-/* if you use this feature, you will get a lot of complaints from users
-   who rarely use their accounts :)  (something like 3 months would be
-   more reasonable)  --marekm */
-#define DEFAULT_USER_DIE /* 10 */ 0
-
-void main()
-{
-	char foo[32];
-	char uname[9],person[32],dir[32],shell[32];
-	unsigned int group,min_pass,max_pass,warn_pass,user_die;
-	/* the group and uid of the new user */
-	int bad=0,done=0,correct=0,gets_warning=0;
-	char cmd[255];
-	struct group *grp;
-
-	/* flags, in order:
-	* bad to see if the username is in /etc/passwd, or if strange stuff has
-	* been typed if the user might be put in group 0
-	* done allows the program to exit when a user has been added
-	* correct loops until a password is found that isn't in /etc/passwd
-	* gets_warning allows the fflush to be skipped for the first gets
-	* so that output is still legible
-	*/
-
-	/* The real program starts HERE! */
-
-	if(geteuid()!=0)
-	{
-		printf("It seems you don't have access to add a new user.  Try\n");
-		printf("logging in as root or su root to gain super-user access.\n");
-		exit(1);
-	}
-
-	/* Sanity checks
-	*/
-
-	if (!(grp=getgrgid(DEFAULT_GROUP))){
-		printf("Error: the default group %d does not exist on this system!\n",
-				DEFAULT_GROUP);
-		printf("adduser must be recompiled.\n");
-		exit(1);
-	};
-
-	while(!correct) {		/* loop until a "good" uname is chosen */
-		while(!done) {
-			printf("\nLogin to add (^C to quit): ");
-			if(gets_warning)	/* if the warning was already shown */
-				fflush(stdout);	/* fflush stdout, otherwise set the flag */
-			else
-				gets_warning=1;
-
-			gets(uname);
-			if(!strlen(uname)) {
-				printf("Empty input.\n");
-				done=0;
-				continue;
-			};
-
-			/* what I saw here before made me think maybe I was running DOS */
-			/* might this be a solution? (chris) */
-			if (getpwnam(uname) != NULL) {
-				printf("That name is in use, choose another.\n");
-				done=0;
-			} else
-				done=1;
-		}; /* done, we have a valid new user name */
-
-		/* all set, get the rest of the stuff */
-		printf("\nEditing information for new user [%s]\n",uname);
-
-		printf("\nFull Name [%s]: ",uname);
-		gets(person);
-		if (!strlen(person)) {
-			bzero(person,sizeof(person));
-			strcpy(person,uname);
-		};
-
-		do {
-			bad=0;
-			printf("GID [%d]: ",DEFAULT_GROUP);
-			gets(foo);
-			if (!strlen(foo))
-				group=DEFAULT_GROUP;
-			else
-				if (isdigit (*foo)) {
-					group = atoi(foo);
-					if (! (grp = getgrgid (group))) {
-						printf("unknown gid %s\n",foo);
-						group=DEFAULT_GROUP;
-						bad=1;
-					};
-			} else
-				if ((grp = getgrnam (foo)))
-					group = grp->gr_gid;
-				else {
-					printf("unknown group %s\n",foo);
-					group=DEFAULT_GROUP;
-					bad=1;
-				}
-			if (group==0){	/* You're not allowed to make root group users! */
-				printf("Creation of root group users not allowed (must be done by hand)\n");
-				group=DEFAULT_GROUP;
-				bad=1;
-			};
-		} while(bad);
-
-
-		fflush(stdin);
-
-		printf("\nIf home dir ends with a / then [%s] will be appended to it\n",uname);
-		printf("Home Directory [%s/%s]: ",DEFAULT_HOME,uname);
-		fflush(stdout);
-		gets(dir);
-		if (!strlen(dir)) { /* hit return */
-			sprintf(dir,"%s/%s",DEFAULT_HOME,uname);
-			fflush(stdin);
-		} else
-			if (dir[strlen(dir)-1]=='/')
-				sprintf(dir+strlen(dir),"%s",uname);
-
-		printf("\nShell [%s]: ",DEFAULT_SHELL);
-		fflush(stdout);
-		gets(shell);
-		if (!strlen(shell))
-			sprintf(shell,"%s",DEFAULT_SHELL);
-
-		printf("\nMin. Password Change Days [0]: ");
-		gets(foo);
-		min_pass=atoi(foo);
-
-		printf("Max. Password Change Days [%d]: ",DEFAULT_MAX_PASS);
-		gets(foo);
-		if (strlen(foo) > 1)
-			max_pass = atoi(foo);
-		else
-			max_pass = DEFAULT_MAX_PASS;
-
-		printf("Password Warning Days [%d]: ",DEFAULT_WARN_PASS);
-		gets(foo);
-		warn_pass = atoi(foo);
-		if (warn_pass==0)
-			warn_pass = DEFAULT_WARN_PASS;
-
-		printf("Days after Password Expiry for Account Locking [%d]: ",DEFAULT_USER_DIE);
-		gets(foo);
-		user_die = atoi(foo);
-		if (user_die == 0)
-			user_die = DEFAULT_USER_DIE;
-
-		printf("\nInformation for new user [%s] [%s]:\n",uname,person);
-		printf("Home directory: [%s] Shell: [%s]\n",dir,shell);
-		printf("GID: [%d]\n",group);
-		printf("MinPass: [%d] MaxPass: [%d] WarnPass: [%d] UserExpire: [%d]\n",
-				min_pass,max_pass,warn_pass,user_die);
-		printf("\nIs this correct? [y/N]: ");
-		fflush(stdout);
-		gets(foo);
-
-		done=bad=correct=(foo[0]=='y'||foo[0]=='Y');
-
-		if(bad!=1)
-			printf("\nUser [%s] not added\n",uname);
-    }
-
-	bzero(cmd,sizeof(cmd));
-	sprintf(cmd,"%s -g %d -d %s -s %s -c \"%s\" -m -k /etc/skel %s",
-			USERADD_PATH,group,dir,shell,person,uname);
-	printf("Calling useradd to add new user:\n%s\n",cmd);
-	if(system(cmd)){
-		printf("User add failed!\n");
-		exit(errno);
-	};
-	bzero(cmd,sizeof(cmd));
-	sprintf(cmd,"%s -m %d -M %d -W %d -I %d %s", CHAGE_PATH,
-			min_pass,max_pass,warn_pass,user_die,uname);
-	printf("%s\n",cmd);
-	if(system(cmd)){
-		printf("There was an error setting password expire values\n");
-		exit(errno);
-	};
-	bzero(cmd,sizeof(cmd));
-	sprintf(cmd,"%s %s",PASSWD_PATH,uname);
-	system(cmd);
-	printf("\nDone.\n");
-}
-

lib/commonio.c

@@ -32,7 +32,7 @@
 
 /* local function prototypes */
 static int lrename (const char *, const char *);
-static int check_link_count (const char *file);
+static int check_link_count (const char *file, bool log);
 static int do_lock_file (const char *file, const char *lock, bool log);
 static /*@null@*/ /*@dependent@*/FILE *fopen_set_perms (
 	const char *name,
@@ -85,23 +85,31 @@ int lrename (const char *old, const char *new)
 	res = rename (old, new);
 
 #ifdef __GLIBC__
-	if (NULL != r) {
-		free (r);
-	}
+	free (r);
 #endif				/* __GLIBC__ */
 
 	return res;
 }
 
-static int check_link_count (const char *file)
+static int check_link_count (const char *file, bool log)
 {
 	struct stat sb;
 
 	if (stat (file, &sb) != 0) {
+		if (log) {
+			(void) fprintf (shadow_logfd,
+			                "%s: %s file stat error: %s\n",
+			                shadow_progname, file, strerror (errno));
+		}
 		return 0;
 	}
 
 	if (sb.st_nlink != 2) {
+		if (log) {
+			(void) fprintf (shadow_logfd,
+			                "%s: %s: lock file already used (nlink: %u)\n",
+			                shadow_progname, file, sb.st_nlink);
+		}
 		return 0;
 	}
 
@@ -153,12 +161,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 	close (fd);
 
 	if (link (file, lock) == 0) {
-		retval = check_link_count (file);
-		if ((0==retval) && log) {
-			(void) fprintf (shadow_logfd,
-			                "%s: %s: lock file already used\n",
-			                shadow_progname, file);
-		}
+		retval = check_link_count (file, log);
 		unlink (file);
 		return retval;
 	}
@@ -219,12 +222,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 
 	retval = 0;
 	if (link (file, lock) == 0) {
-		retval = check_link_count (file);
-		if ((0==retval) && log) {
-			(void) fprintf (shadow_logfd,
-			                "%s: %s: lock file already used\n",
-			                shadow_progname, file);
-		}
+		retval = check_link_count (file, log);
 	} else {
 		if (log) {
 			(void) fprintf (shadow_logfd,
@@ -337,9 +335,7 @@ static void free_linked_list (struct commonio_db *db)
 		p = db->head;
 		db->head = p->next;
 
-		if (NULL != p->line) {
-			free (p->line);
-		}
+		free (p->line);
 
 		if (NULL != p->eptr) {
 			db->ops->free (p->eptr);
@@ -395,10 +391,8 @@ int commonio_lock_nowait (struct commonio_db *db, bool log)
 		err = 1;
 	}
 cleanup_ENOMEM:
-	if (file)
-		free(file);
-	if (lock)
-		free(lock);
+	free(file);
+	free(lock);
 	return err;
 }
 
@@ -1200,9 +1194,7 @@ int commonio_remove (struct commonio_db *db, const char *name)
 
 	commonio_del_entry (db, p);
 
-	if (NULL != p->line) {
-		free (p->line);
-	}
+	free (p->line);
 
 	if (NULL != p->eptr) {
 		db->ops->free (p->eptr);

lib/defines.h

@@ -310,14 +310,6 @@ extern char *strerror ();
 # define format_attr(type, index, check)
 #endif
 
-/* ! Arguments evaluated twice ! */
-#ifndef MIN
-#define MIN(a,b) (((a) < (b)) ? (a) : (b))
-#endif
-#ifndef MAX
-#define MAX(x,y) (((x) > (y)) ? (x) : (y))
-#endif
-
 /* Maximum length of usernames */
 #ifdef HAVE_UTMPX_H
 # include <utmpx.h>
@@ -335,6 +327,9 @@ extern char *strerror ();
 # endif
 #endif
 
+/* Maximum length of passwd entry */
+#define PASSWD_ENTRY_MAX_LENGTH 32768
+
 #ifdef HAVE_SECURE_GETENV
 #  define shadow_getenv(name) secure_getenv(name)
 # else

lib/getdef.c

@@ -388,10 +388,7 @@ int putdef_str (const char *name, const char *value)
 		return -1;
 	}
 
-	if (NULL != d->value) {
-		free (d->value);
-	}
-
+	free (d->value);
 	d->value = cp;
 	return 0;
 }

lib/groupio.c

@@ -418,9 +418,7 @@ static int split_groups (unsigned int max_members)
 		/* Shift all the members */
 		/* The number of members in new_gptr will be check later */
 		for (i = 0; NULL != new_gptr->gr_mem[i + max_members]; i++) {
-			if (NULL != new_gptr->gr_mem[i]) {
-				free (new_gptr->gr_mem[i]);
-			}
+			free (new_gptr->gr_mem[i]);
 			new_gptr->gr_mem[i] = new_gptr->gr_mem[i + max_members];
 			new_gptr->gr_mem[i + max_members] = NULL;
 		}

lib/groupmem.c

@@ -80,7 +80,7 @@ void gr_free (/*@out@*/ /*@only@*/struct group *grent)
 {
 	free (grent->gr_name);
 	if (NULL != grent->gr_passwd) {
-		memzero (grent->gr_passwd, strlen (grent->gr_passwd));
+		strzero (grent->gr_passwd);
 		free (grent->gr_passwd);
 	}
 	gr_free_members(grent);

lib/nss.c

@@ -59,7 +59,6 @@ void nss_init(const char *nsswitch_path) {
 	//   subid:	files
 	nssfp = fopen(nsswitch_path, "r");
 	if (!nssfp) {
-		fprintf(shadow_logfd, "Failed opening %s: %m\n", nsswitch_path);
 		atomic_store(&nss_init_completed, true);
 		return;
 	}

lib/prototypes.h

@@ -483,7 +483,6 @@ extern bool valid (const char *, const struct passwd *);
 extern /*@maynotreturn@*/ /*@only@*//*@out@*//*@notnull@*/void *xmalloc (size_t size)
   /*@ensures MaxSet(result) == (size - 1); @*/;
 extern /*@maynotreturn@*/ /*@only@*//*@notnull@*/char *xstrdup (const char *);
-extern void xfree(void *ap);
 
 /* xgetpwnam.c */
 extern /*@null@*/ /*@only@*/struct passwd *xgetpwnam (const char *);

lib/pwio.c

@@ -56,7 +56,10 @@ static int passwd_put (const void *ent, FILE * file)
 	    || (pw->pw_gid == (gid_t)-1)
 	    || (valid_field (pw->pw_gecos, ":\n") == -1)
 	    || (valid_field (pw->pw_dir, ":\n") == -1)
-	    || (valid_field (pw->pw_shell, ":\n") == -1)) {
+	    || (valid_field (pw->pw_shell, ":\n") == -1)
+	    || (strlen (pw->pw_name) + strlen (pw->pw_passwd) +
+	        strlen (pw->pw_gecos) + strlen (pw->pw_dir) +
+	        strlen (pw->pw_shell) + 100 > PASSWD_ENTRY_MAX_LENGTH)) {
 		return -1;
 	}
 

lib/pwmem.c

@@ -73,7 +73,7 @@ void pw_free (/*@out@*/ /*@only@*/struct passwd *pwent)
 	if (pwent != NULL) {
 		free (pwent->pw_name);
 		if (pwent->pw_passwd) {
-			memzero (pwent->pw_passwd, strlen (pwent->pw_passwd));
+			strzero (pwent->pw_passwd);
 			free (pwent->pw_passwd);
 		}
 		free (pwent->pw_gecos);

lib/semanage.c

@@ -122,12 +122,14 @@ static int semanage_user_mod (semanage_handle_t *handle,
 		goto done;
 	}
 
-	ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
-	if (ret != 0) {
-		fprintf (shadow_logfd,
-		         _("Could not set serange for %s\n"), login_name);
-		ret = 1;
-		goto done;
+	if (semanage_mls_enabled(handle)) {
+		ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
+		if (ret != 0) {
+			fprintf (shadow_logfd,
+			         _("Could not set serange for %s\n"), login_name);
+			ret = 1;
+			goto done;
+		}
 	}
 
 	ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
@@ -179,13 +181,14 @@ static int semanage_user_add (semanage_handle_t *handle,
 		goto done;
 	}
 
-	ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
-	if (ret != 0) {
-		fprintf (shadow_logfd,
-		         _("Could not set serange for %s\n"),
-		         login_name);
-		ret = 1;
-		goto done;
+	if (semanage_mls_enabled(handle)) {
+		ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
+		if (ret != 0) {
+			fprintf (shadow_logfd,
+			         _("Could not set serange for %s\n"), login_name);
+			ret = 1;
+			goto done;
+		}
 	}
 
 	ret = semanage_seuser_set_sename (handle, seuser, seuser_name);

lib/sgetgrent.c

@@ -54,8 +54,7 @@ static char **list (char *s)
 				rbuf = malloc (size * sizeof (char *));
 			}
 			if (!rbuf) {
-				if (members)
-					free (members);
+				free (members);
 				members = 0;
 				size = 0;
 				return (char **) 0;
@@ -89,8 +88,7 @@ struct group *sgetgrent (const char *buf)
 	if (strlen (buf) + 1 > size) {
 		/* no need to use realloc() here - just free it and
 		   allocate a larger block */
-		if (grpbuf)
-			free (grpbuf);
+		free (grpbuf);
 		size = strlen (buf) + 1000;	/* at least: strlen(buf) + 1 */
 		grpbuf = malloc (size);
 		if (!grpbuf) {

lib/sgetpwent.c

@@ -16,6 +16,7 @@
 #include <stdio.h>
 #include <pwd.h>
 #include "prototypes.h"
+#include "shadowlog_internal.h"
 
 #define	NFIELDS	7
 
@@ -34,7 +35,7 @@
 struct passwd *sgetpwent (const char *buf)
 {
 	static struct passwd pwent;
-	static char pwdbuf[1024];
+	static char pwdbuf[PASSWD_ENTRY_MAX_LENGTH];
 	int i;
 	char *cp;
 	char *fields[NFIELDS];
@@ -44,8 +45,12 @@ struct passwd *sgetpwent (const char *buf)
 	 * the password structure remain valid.
 	 */
 
-	if (strlen (buf) >= sizeof pwdbuf)
+	if (strlen (buf) >= sizeof pwdbuf) {
+		fprintf (shadow_logfd,
+		         "%s: Too long passwd entry encountered, file corruption?\n",
+		         shadow_progname);
 		return 0;	/* fail if too long */
+	}
 	strcpy (pwdbuf, buf);
 
 	/*

lib/sgetspent.c

@@ -16,6 +16,7 @@
 
 #include <sys/types.h>
 #include "prototypes.h"
+#include "shadowlog_internal.h"
 #include "defines.h"
 #include <stdio.h>
 #define	FIELDS	9
@@ -25,7 +26,7 @@
  */
 struct spwd *sgetspent (const char *string)
 {
-	static char spwbuf[1024];
+	static char spwbuf[PASSWD_ENTRY_MAX_LENGTH];
 	static struct spwd spwd;
 	char *fields[FIELDS];
 	char *cp;
@@ -37,6 +38,9 @@ struct spwd *sgetspent (const char *string)
 	 */
 
 	if (strlen (string) >= sizeof spwbuf) {
+		fprintf (shadow_logfd,
+		         "%s: Too long passwd entry encountered, file corruption?\n",
+		         shadow_progname);
 		return 0;	/* fail if too long */
 	}
 	strcpy (spwbuf, string);

lib/sgroupio.c

@@ -128,7 +128,7 @@ void sgr_free (/*@out@*/ /*@only@*/struct sgrp *sgent)
 	size_t i;
 	free (sgent->sg_name);
 	if (NULL != sgent->sg_passwd) {
-		memzero (sgent->sg_passwd, strlen (sgent->sg_passwd));
+		strzero (sgent->sg_passwd);
 		free (sgent->sg_passwd);
 	}
 	for (i = 0; NULL != sgent->sg_adm[i]; i++) {

lib/shadowio.c

@@ -56,7 +56,9 @@ static int shadow_put (const void *ent, FILE * file)
 
 	if (   (NULL == sp)
 	    || (valid_field (sp->sp_namp, ":\n") == -1)
-	    || (valid_field (sp->sp_pwdp, ":\n") == -1)) {
+	    || (valid_field (sp->sp_pwdp, ":\n") == -1)
+	    || (strlen (sp->sp_namp) + strlen (sp->sp_pwdp) +
+	        1000 > PASSWD_ENTRY_MAX_LENGTH)) {
 		return -1;
 	}
 

lib/shadowmem.c

@@ -59,7 +59,7 @@ void spw_free (/*@out@*/ /*@only@*/struct spwd *spent)
 	if (spent != NULL) {
 		free (spent->sp_namp);
 		if (NULL != spent->sp_pwdp) {
-			memzero (spent->sp_pwdp, strlen (spent->sp_pwdp));
+			strzero (spent->sp_pwdp);
 			free (spent->sp_pwdp);
 		}
 		free (spent);

lib/tcbfuncs.c

@@ -380,9 +380,7 @@ shadowtcb_status shadowtcb_set_user (const char* name)
 		return SHADOWTCB_SUCCESS;
 	}
 
-	if (NULL != stored_tcb_user) {
-		free (stored_tcb_user);
-	}
+	free (stored_tcb_user);
 
 	stored_tcb_user = strdup (name);
 	if (NULL == stored_tcb_user) {

libmisc/chkname.c

@@ -32,26 +32,44 @@ static bool is_valid_name (const char *name)
 	}
 
 	/*
-	 * User/group names must match [a-z_][a-z0-9_-]*[$]
-	 */
+         * User/group names must match gnu e-regex:
+         *    [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]?
+         *
+         * as a non-POSIX, extension, allow "$" as the last char for
+         * sake of Samba 3.x "add machine script"
+         *
+         * Also do not allow fully numeric names or just "." or "..".
+         */
+	int numeric;
 
-	if (('\0' == *name) ||
-	    !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
+	if ('\0' == *name ||
+	    ('.' == *name && (('.' == name[1] && '\0' == name[2]) ||
+			      '\0' == name[1])) ||
+	    !((*name >= 'a' && *name <= 'z') ||
+	      (*name >= 'A' && *name <= 'Z') ||
+	      (*name >= '0' && *name <= '9') ||
+	      *name == '_' ||
+	      *name == '.')) {
 		return false;
 	}
 
+	numeric = isdigit(*name);
+
 	while ('\0' != *++name) {
-		if (!(( ('a' <= *name) && ('z' >= *name) ) ||
-		      ( ('0' <= *name) && ('9' >= *name) ) ||
-		      ('_' == *name) ||
-		      ('-' == *name) ||
-		      ( ('$' == *name) && ('\0' == *(name + 1)) )
+		if (!((*name >= 'a' && *name <= 'z') ||
+		      (*name >= 'A' && *name <= 'Z') ||
+		      (*name >= '0' && *name <= '9') ||
+		      *name == '_' ||
+		      *name == '.' ||
+		      *name == '-' ||
+		      (*name == '$' && name[1] == '\0')
 		     )) {
 			return false;
 		}
+		numeric &= isdigit(*name);
 	}
 
-	return true;
+	return !numeric;
 }
 
 bool is_valid_user_name (const char *name)

libmisc/copydir.c

@@ -126,12 +126,12 @@ static int perm_copy_path(const struct path_info *src,
 {
 	int src_fd, dst_fd, ret;
 
-	src_fd = openat(src->dirfd, src->name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
+	src_fd = openat(src->dirfd, src->name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
 	if (src_fd < 0) {
 		return -1;
 	}
 
-	dst_fd = openat(dst->dirfd, dst->name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
+	dst_fd = openat(dst->dirfd, dst->name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
 	if (dst_fd < 0) {
 		(void) close (src_fd);
 		return -1;
@@ -152,12 +152,12 @@ static int attr_copy_path(const struct path_info *src,
 {
 	int src_fd, dst_fd, ret;
 
-	src_fd = openat(src->dirfd, src->name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
+	src_fd = openat(src->dirfd, src->name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
 	if (src_fd < 0) {
 		return -1;
 	}
 
-	dst_fd = openat(dst->dirfd, dst->name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
+	dst_fd = openat(dst->dirfd, dst->name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
 	if (dst_fd < 0) {
 		(void) close (src_fd);
 		return -1;
@@ -354,12 +354,8 @@ static int copy_tree_impl (const struct path_info *src, const struct path_info *
 				                  old_uid, new_uid,
 				                  old_gid, new_gid);
 			}
-			if (NULL != src_name) {
-				free (src_name);
-			}
-			if (NULL != dst_name) {
-				free (dst_name);
-			}
+			free (src_name);
+			free (dst_name);
 		}
 	}
 	(void) closedir (dir);
@@ -522,15 +518,14 @@ static int copy_dir (const struct path_info *src, const struct path_info *dst,
 		return -1;
 	}
 #endif				/* WITH_SELINUX */
-	if (   (mkdirat (dst->dirfd, dst->name, statp->st_mode) != 0)
+	if (   (mkdirat (dst->dirfd, dst->name, 0700) != 0)
 	    || (chownat_if_needed (dst, statp,
 	                         old_uid, new_uid, old_gid, new_gid) != 0)
+	    || (fchmodat (dst->dirfd, dst->name, statp->st_mode & 07777, AT_SYMLINK_NOFOLLOW) != 0)
 #ifdef WITH_ACL
 	    || (   (perm_copy_path (src, dst, &ctx) != 0)
 	        && (errno != 0))
-#else				/* !WITH_ACL */
-	    || (chmod (dst, statp->st_mode) != 0)
-#endif				/* !WITH_ACL */
+#endif				/* WITH_ACL */
 #ifdef WITH_ATTR
 	/*
 	 * If the third parameter is NULL, all extended attributes
@@ -719,12 +714,11 @@ static int copy_special (const struct path_info *src, const struct path_info *ds
 	if (   (mknodat (dst->dirfd, dst->name, statp->st_mode & ~07777U, statp->st_rdev) != 0)
 	    || (chownat_if_needed (dst, statp,
 	                         old_uid, new_uid, old_gid, new_gid) != 0)
+	    || (fchmodat (dst->dirfd, dst->name, statp->st_mode & 07777, AT_SYMLINK_NOFOLLOW) != 0)
 #ifdef WITH_ACL
 	    || (   (perm_copy_path (src, dst, &ctx) != 0)
 	        && (errno != 0))
-#else				/* !WITH_ACL */
-	    || (fchmodat (dst->dirfd, dst->name, statp->st_mode & 07777, AT_SYMLINK_NOFOLLOW) != 0)
-#endif				/* !WITH_ACL */
+#endif				/* WITH_ACL */
 #ifdef WITH_ATTR
 	/*
 	 * If the third parameter is NULL, all extended attributes
@@ -810,16 +804,15 @@ static int copy_file (const struct path_info *src, const struct path_info *dst,
 		return -1;
 	}
 #endif				/* WITH_SELINUX */
-	ofd = openat (dst->dirfd, dst->name, O_WRONLY | O_CREAT | O_EXCL | O_TRUNC | O_NOFOLLOW | O_CLOEXEC, statp->st_mode & 07777);
+	ofd = openat (dst->dirfd, dst->name, O_WRONLY | O_CREAT | O_EXCL | O_TRUNC | O_NOFOLLOW | O_CLOEXEC, 0600);
 	if (   (ofd < 0)
 	    || (fchown_if_needed (ofd, statp,
 	                          old_uid, new_uid, old_gid, new_gid) != 0)
+	    || (fchmod (ofd, statp->st_mode & 07777) != 0)
 #ifdef WITH_ACL
 	    || (   (perm_copy_fd (src->full_path, ifd, dst->full_path, ofd, &ctx) != 0)
 	        && (errno != 0))
-#else				/* !WITH_ACL */
-	    || (fchmod (ofd, statp->st_mode & 07777) != 0)
-#endif				/* !WITH_ACL */
+#endif				/* WITH_ACL */
 #ifdef WITH_ATTR
 	/*
 	 * If the third parameter is NULL, all extended attributes

libmisc/find_new_gid.c

@@ -60,6 +60,13 @@ static int get_ranges (bool sys_group, gid_t *min_id, gid_t *max_id,
                             (unsigned long) *max_id);
 			return EINVAL;
 		}
+		/*
+		 * Zero is reserved for root and the allocation algorithm does not
+		 * work right with it.
+		 */
+		if (*min_id == 0) {
+			*min_id = (gid_t) 1;
+		}
 	} else {
 		/* Non-system groups */
 

libmisc/find_new_uid.c

@@ -60,6 +60,13 @@ static int get_ranges (bool sys_user, uid_t *min_id, uid_t *max_id,
                             (unsigned long) *max_id);
 			return EINVAL;
 		}
+		/*
+		 * Zero is reserved for root and the allocation algorithm does not
+		 * work right with it.
+		 */
+		if (*min_id == 0) {
+			*min_id = (uid_t) 1;
+		}
 	} else {
 		/* Non-system users */
 

libmisc/utmp.c

@@ -19,6 +19,7 @@
 #endif
 
 #include <assert.h>
+#include <sys/param.h>
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netdb.h>

libmisc/xmalloc.c

@@ -44,10 +44,3 @@
 {
 	return strcpy (xmalloc (strlen (str) + 1), str);
 }
-
-void xfree(void *ap)
-{
-	if (ap) {
-		free(ap);
-	}
-}

libsubid/api.c

@@ -17,6 +17,31 @@
 #include "subid.h"
 #include "shadowlog.h"
 
+bool subid_init(const char *progname, FILE * logfd)
+{
+	FILE *shadow_logfd;
+	if (progname) {
+		progname = strdup(progname);
+		if (!progname)
+			return false;
+		log_set_progname(progname);
+	} else {
+		log_set_progname("(libsubid)");
+	}
+
+	if (logfd) {
+		log_set_logfd(logfd);
+		return true;
+	}
+	shadow_logfd = fopen("/dev/null", "w");
+	if (!shadow_logfd) {
+		log_set_logfd(stderr);
+		return false;
+	}
+	log_set_logfd(shadow_logfd);
+	return true;
+}
+
 static
 int get_subid_ranges(const char *owner, enum subid_type id_type, struct subid_range **ranges)
 {

libsubid/subid.h.in

@@ -39,6 +39,22 @@ enum subid_status {
 extern "C" {
 #endif
 
+/*
+ * subid_init: initialize libsubid
+ *
+ * @progname: Name to display as program.  If NULL, then "(libsubid)" will be
+ *            shown in error messages.
+ * @logfd:    Open file pointer to pass error messages to.  If NULL, then
+ *            /dev/null will be opened and messages will be sent there.  The
+ *            default if libsubid_init() is not called is stderr (2).
+ *
+ * This function does not need to be called.  If not called, then the defaults
+ * will be used.
+ *
+ * Returns false if an error occurred.
+ */
+bool subid_init(const char *progname, FILE *logfd);
+
 /*
  * subid_get_uid_ranges: return a list of UID ranges for a user
  *

man/groupadd.8.xml

@@ -64,10 +64,12 @@
       files as needed.
     </para>
      <para>
-       Groupnames must start with a lower case letter or an underscore,
-       followed by lower case letters, digits, underscores, or dashes.
-       They can end with a dollar sign.
-       In regular expression terms: [a-z_][a-z0-9_-]*[$]?
+       Groupnames may contain only lower and upper case letters, digits,
+       underscores, or dashes. They can end with a dollar sign.
+
+       Dashes are not allowed at the beginning of the groupname.
+       Fully numeric groupnames and groupnames . or .. are
+       also disallowed.
      </para>
      <para>
        Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.

man/useradd.8.xml

@@ -248,7 +248,7 @@
 	    command line), useradd will set the primary group of the new
 	    user to the value specified by the <option>GROUP</option>
 	    variable in <filename>/etc/default/useradd</filename>, or
-	    100 by default.
+	    1000 by default.
 	  </para>
 	</listitem>
       </varlistentry>
@@ -522,7 +522,7 @@
             the system will use the <option>SHELL</option> variable specified
 	    in <filename>/etc/default/useradd</filename>, or, if that is as
 	    well not set, the field for the login shell in <filename>/etc/passwd
-	    </filename>remains empty.
+	    </filename> remains empty.
 	  </para>
 	</listitem>
       </varlistentry>
@@ -692,10 +692,14 @@
     </para>
 
     <para>
-      Usernames must start with a lower case letter or an underscore,
-      followed by lower case letters, digits, underscores, or dashes.
-      They can end with a dollar sign.
-      In regular expression terms: [a-z_][a-z0-9_-]*[$]?
+      Usernames may contain only lower and upper case letters, digits,
+      underscores, or dashes. They can end with a dollar sign.
+
+      Dashes are not allowed at the beginning of the username.
+      Fully numeric usernames and usernames . or .. are
+      also disallowed. It is not recommended to use usernames beginning
+      with . character as their home directories will be hidden in
+      the <command>ls</command> output.
     </para>
     <para>
       Usernames may only be up to 32 characters long.

po/LINGUAS

@@ -15,6 +15,7 @@ hu
 id
 it
 ja
+ka
 kk
 km
 ko

po/nl.po

@@ -1,14 +1,14 @@
 # dutch po-file for shadow
 # Copyright (C) 2004 Free Software Foundation, Inc.
 # Bart Cornelis <cobaco@linux.be>, 2004, 2006.
-# Frans Spiesschaert <Frans.Spiesschaert@yucom.be>, 2014-2021.
+# Frans Spiesschaert <Frans.Spiesschaert@yucom.be>, 2014-2022.
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: shadow 4.9\n"
+"Project-Id-Version: shadow 4.12.2\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
 "POT-Creation-Date: 2022-07-27 22:49+0800\n"
-"PO-Revision-Date: 2021-09-13 21:00+0200\n"
+"PO-Revision-Date: 2022-09-27 17:08+0200\n"
 "Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n"
 "Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n"
 "Language: nl\n"
@@ -541,10 +541,10 @@ msgstr "%s: optie '%s' vereist een argument\n"
 msgid "%s: failed to drop privileges (%s)\n"
 msgstr "%s: afgeven van rechten is mislukt (%s)\n"
 
-#, fuzzy, c-format
-#| msgid "%s: invalid chroot path '%s'\n"
+#, c-format
 msgid "%s: invalid chroot path '%s', only absolute paths are supported.\n"
-msgstr "%s: ongeldig chroot-pad '%s'\n"
+msgstr ""
+"%s: ongeldig chroot-pad '%s', enkel absolute paden worden ondersteund.\n"
 
 #, c-format
 msgid "%s: cannot access chroot directory %s: %s\n"
@@ -1800,9 +1800,8 @@ msgstr ""
 "%s: Doelproces %u is van een andere gebruiker: uid:%lu pw_uid:%lu st_uid:"
 "%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
 
-#, fuzzy
 msgid "  -b, --badname                 allow bad names\n"
-msgstr "  -b, --badname                slechte namen toestaan\n"
+msgstr "  -b, --badname                 slechte namen toestaan\n"
 
 msgid "  -r, --system                  create system accounts\n"
 msgstr "  -r, --system                  systeem-accounts aanmaken\n"
@@ -1993,10 +1992,9 @@ msgstr "Het wachtwoord van %s kan niet veranderd worden.\n"
 msgid "The password for %s cannot be changed yet.\n"
 msgstr "Het wachtwoord van %s kan nog niet veranderd worden.\n"
 
-#, fuzzy, c-format
-#| msgid "%s: shadow passwords required for -e\n"
+#, c-format
 msgid "%s: malformed password data obtained for user %s\n"
-msgstr "%s: shadow-wachtwoorden zijn vereist voor -e\n"
+msgstr "%s: misvormde wachtwoordgegevens verkregen voor gebruiker %s\n"
 
 #, c-format
 msgid ""
@@ -2070,10 +2068,9 @@ msgstr "ongeldige regel in het wachtwoordbestand"
 msgid "duplicate password entry"
 msgstr "identieke regel in wachtwoordbestand"
 
-#, fuzzy, c-format
-#| msgid "%s: invalid user name '%s': use --badname to ignore\n"
+#, c-format
 msgid "invalid user name '%s': use --badname to ignore\n"
-msgstr "%s: ongeldige gebruikersnaam '%s': gebruik --badname om te negeren\n"
+msgstr "ongeldige gebruikersnaam '%s': gebruik --badname om te negeren\n"
 
 #, c-format
 msgid "invalid user ID '%lu'\n"
@@ -2295,10 +2292,9 @@ msgstr "%s: de %s-instellingen in %s zullen genegeerd worden\n"
 msgid "%s: cannot create new defaults file: %s\n"
 msgstr "%s: kan geen nieuw bestand met standaardwaarden aanmaken: %s\n"
 
-#, fuzzy, c-format
-#| msgid "%s: cannot create new defaults file\n"
+#, c-format
 msgid "%s: cannot create directory for defaults file\n"
-msgstr "%s: kan geen nieuw bestand met standaardwaarden aanmaken\n"
+msgstr "%s: kan geen map aanmaken voor bestand met standaardwaarden\n"
 
 #, c-format
 msgid "%s: cannot create new defaults file\n"
@@ -2346,9 +2342,8 @@ msgstr ""
 "\n"
 "Opties:\n"
 
-#, fuzzy
 msgid "      --badname                 do not check for bad names\n"
-msgstr "      --badname                niet op slechte namen controleren\n"
+msgstr "      --badname                 niet op slechte namen controleren\n"
 
 msgid ""
 "  -b, --base-dir BASE_DIR       base directory for the home directory of "
@@ -2599,14 +2594,9 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "Bestandsrechten van postvak-bestand worden ingesteld"
 
-#, fuzzy, c-format
-#| msgid ""
-#| "%s warning: %s's uid %d outside of the SYS_UID_MIN %d and SYS_UID_MAX %d "
-#| "range.\n"
+#, c-format
 msgid "%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"
-msgstr ""
-"%s waarschuwing: %s zijn/haar uid %d valt buiten het bereik SYS_UID_MIN %d "
-"en SYS_UID_MAX %d.\n"
+msgstr "%s waarschuwing: %s zijn/haar uid %d is groter dan SYS_UID_MAX %d.\n"
 
 #, c-format
 msgid ""
@@ -2828,20 +2818,13 @@ msgstr ""
 "  -p, --password WACHTWOORD     versleuteld wachtwoord als nieuw wachtwoord\n"
 "                                gebruiken\n"
 
-#, fuzzy
-#| msgid ""
-#| "  -a, --append                  append the user to the supplemental "
-#| "GROUPS\n"
-#| "                                mentioned by the -G option without "
-#| "removing\n"
-#| "                                the user from other groups\n"
 msgid ""
 "  -r, --remove                  remove the user from only the supplemental "
 "GROUPS\n"
 "                                mentioned by the -G option without removing\n"
 "                                the user from other groups\n"
 msgstr ""
-"  -a, --append                  gebruiker toevoegen aan de bijkomende "
+"  -r, --remove                  gebruiker verwijderen uit de bijkomende "
 "GROEPEN,\n"
 "                                vermeld bij de optie -G, zonder hem/haar\n"
 "                                te verwijderen uit andere groepen\n"
@@ -2907,7 +2890,7 @@ msgstr "%s: geen opties\n"
 
 #, c-format
 msgid "%s: %s and %s are mutually exclusive flags\n"
-msgstr ""
+msgstr "%s: %s en %s zijn elkaar uitsluitende vlaggen\n"
 
 #, c-format
 msgid "%s: the -L, -p, and -U flags are exclusive\n"
@@ -3082,22 +3065,3 @@ msgstr "%s: kan %s niet herstellen: %s (uw aanpassingen staan in %s)\n"
 #, c-format
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: tcb-map van %s vinden is mislukt\n"
-
-#~ msgid "Usage: id\n"
-#~ msgstr "Gebruik: id\n"
-
-#, c-format
-#~ msgid "Last login: %.19s on %s"
-#~ msgstr "Laatst aangemeld: %.19s om %s"
-
-#, c-format
-#~ msgid "%s: invalid user name '%s'\n"
-#~ msgstr "%s: ongeldige gebruikersnaam '%s'\n"
-
-#, c-format
-#~ msgid "%s: password expiry information changed.\n"
-#~ msgstr "%s: gegevens in verband met wachtwoordverloop zijn gewijzigd.\n"
-
-#, c-format
-#~ msgid "invalid user name '%s'\n"
-#~ msgstr "ongeldige gebruikersnaam '%s'\n"

src/chage.c

@@ -228,7 +228,7 @@ static void print_date (time_t date)
 	if (NULL == tp) {
 		(void) printf ("time_t: %lu\n", (unsigned long)date);
 	} else {
-		(void) strftime (buf, sizeof buf, iflg ? "%%Y-%%m-%%d" : "%%b %%d, %%Y", tp);
+		(void) strftime (buf, sizeof buf, iflg ? "%Y-%m-%d" : "%b %d, %Y", tp);
 		(void) puts (buf);
 	}
 }

src/gpasswd.c

@@ -1186,17 +1186,11 @@ int main (int argc, char **argv)
 
 #ifdef SHADOWGRP
 	if (is_shadowgrp) {
-		if (sgent.sg_adm) {
-			xfree(sgent.sg_adm);
-		}
-		if (sgent.sg_mem) {
-			xfree(sgent.sg_mem);
-		}
+		free(sgent.sg_adm);
+		free(sgent.sg_mem);
 	}
 #endif
-	if (grent.gr_mem) {
-		xfree(grent.gr_mem);
-	}
+	free(grent.gr_mem);
 	exit (E_SUCCESS);
 }
 

src/lastlog.c

@@ -150,9 +150,12 @@ static void print_one (/*@null@*/const struct passwd *pw)
 
 	ll_time = ll.ll_time;
 	tm = localtime (&ll_time);
-	strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm);
-	cp = ptime;
-
+	if (tm == NULL) {
+		cp = "(unknown)";
+	} else {
+		strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm);
+		cp = ptime;
+	}
 	if (ll.ll_time == (time_t) 0) {
 		cp = _("**Never logged in**\0");
 	}

src/login.c

@@ -419,9 +419,7 @@ static void get_pam_user (char **ptr_pam_user)
 	retcode = pam_get_item (pamh, PAM_USER, (const void **)&ptr_user);
 	PAM_FAIL_CHECK;
 
-	if (NULL != *ptr_pam_user) {
-		free (*ptr_pam_user);
-	}
+	free (*ptr_pam_user);
 	if (NULL != ptr_user) {
 		*ptr_pam_user = xstrdup ((const char *)ptr_user);
 	} else {
@@ -872,9 +870,7 @@ int main (int argc, char **argv)
 	 * PAM APIs.
 	 */
 	get_pam_user (&pam_user);
-	if (NULL != username) {
-		free (username);
-	}
+	free (username);
 	username = xstrdup (pam_user);
 	failent_user = get_failent_user (username);
 

src/newusers.c

@@ -285,8 +285,7 @@ static int add_group (const char *name, const char *gid, gid_t *ngid, uid_t uid)
 		fprintf (stderr,
 		         _("%s: invalid group name '%s'\n"),
 		         Prog, grent.gr_name);
-		if (grent.gr_name)
-			free (grent.gr_name);
+		free (grent.gr_name);
 		return -1;
 	}
 

src/sulogin.c

@@ -216,7 +216,7 @@ static void catch_signals (unused int sig)
 		sleep (2);
 		(void) puts (_("Login incorrect"));
 	}
-	strzero (pass);
+	memzero (pass, sizeof pass);
 	(void) alarm (0);
 	(void) signal (SIGALRM, SIG_DFL);
 	environ = newenvp;	/* make new environment active */

src/useradd.c

@@ -1996,8 +1996,9 @@ static void faillog_reset (uid_t uid)
 	struct faillog fl;
 	int fd;
 	off_t offset_uid = (off_t) (sizeof fl) * uid;
+	struct stat st;
 
-	if (access (FAILLOG_FILE, F_OK) != 0) {
+	if (stat (FAILLOG_FILE, &st) != 0 || st.st_size <= offset_uid) {
 		return;
 	}
 
@@ -2033,8 +2034,9 @@ static void lastlog_reset (uid_t uid)
 	int fd;
 	off_t offset_uid = (off_t) (sizeof ll) * uid;
 	uid_t max_uid;
+	struct stat st;
 
-	if (access (LASTLOG_FILE, F_OK) != 0) {
+	if (stat (LASTLOG_FILE, &st) != 0 || st.st_size <= offset_uid) {
 		return;
 	}
 
@@ -2370,7 +2372,7 @@ static void create_mail (void)
 		if (NULL == spool) {
 			return;
 		}
-		file = alloca (strlen (prefix) + strlen (spool) + strlen (user_name) + 2);
+		file = alloca (strlen (prefix) + strlen (spool) + strlen (user_name) + 3);
 		if (prefix[0])
 			sprintf (file, "%s/%s/%s", prefix, spool, user_name);
 		else

src/usermod.c

@@ -716,7 +716,7 @@ static void update_group (void)
 		* If rflg+Gflg  is passed in AKA -rG invert is_member flag, which removes
 		* mentioned groups while leaving the others.
 		*/
-		if (Gflg && rflg && was_member) {
+		if (Gflg && rflg) {
 			is_member = !is_member;
 		}
 
@@ -765,7 +765,7 @@ static void update_group (void)
 				         "delete '%s' from group '%s'",
 				         user_name, ngrp->gr_name));
 			}
-		} else {
+		} else if (is_member) {
 			/* User was not a member but is now a member this
 			 * group.
 			 */
@@ -839,7 +839,7 @@ static void update_gshadow (void)
 		* If rflg+Gflg  is passed in AKA -rG invert is_member, to remove targeted
 		* groups while leaving the user apart of groups not mentioned
 		*/
-		if (Gflg && rflg && was_member) {
+		if (Gflg && rflg) {
 			is_member = !is_member;
 		}
 
@@ -1882,6 +1882,11 @@ static void move_home (void)
 			         Prog, prefix_user_home, prefix_user_newhome);
 			fail_exit (E_HOMEDIR);
 		}
+	} else {
+		fprintf (stderr,
+		         _("%s: The previous home directory (%s) does not "
+		           "exist or is inaccessible. Move cannot be completed.\n"),
+		         Prog, prefix_user_home);
 	}
 }