From 7baffa5e74b9eea72635e644461069dcd478a259 Mon Sep 17 00:00:00 2001
From: nekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
Date: Wed, 16 Apr 2008 21:52:46 +0000
Subject: [PATCH] Ensure that getpwent() is used in setpwent(), getpwent(),
 endpwend() sequences (ditto for getgrent(), getspent(), and getsgent()). The
 only real (minor) issue was in login, which kept the passwd file open. *
 libmisc/entry.c: Remove unneeded setspent() and endspent() (only   getspnam
 is called in the middle). * libmisc/find_new_ids.c: Make sure to close the
 password and   group files with endpwent() and endgrent(). *
 libmisc/pwdcheck.c: Remove unneeded endspent() (only getspnam()   is called
 before). * src/lastlog.c, src/passwd.c, src/groupmod.c, src/faillog.c,  
 src/groups.c: Make sure to close   the password file with endpwent(). *
 src/login.c: Remove unneeded setpwent() (only xgetpwnam is   called before).
 * src/login.c, src/newgrp.c: Fix typos in comments.

---
 ChangeLog              | 19 +++++++++++++++++++
 libmisc/entry.c        |  3 ---
 libmisc/find_new_ids.c |  2 ++
 libmisc/pwdcheck.c     |  1 -
 src/faillog.c          |  9 +++++++--
 src/groupmod.c         |  1 +
 src/groups.c           |  4 ++--
 src/lastlog.c          |  3 ++-
 src/login.c            |  3 +--
 src/newgrp.c           |  2 +-
 src/passwd.c           |  4 +++-
 11 files changed, 38 insertions(+), 13 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index dc3630a9..ac6fef85 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,22 @@
+2008-04-16  Nicolas François  <nicolas.francois@centraliens.net>
+
+	Ensure that getpwent() is used in setpwent(), getpwent(),
+	endpwend() sequences (ditto for getgrent(), getspent(), and
+	getsgent()). The only real (minor) issue was in login, which kept
+	the passwd file open.
+	* libmisc/entry.c: Remove unneeded setspent() and endspent() (only
+	getspnam is called in the middle).
+	* libmisc/find_new_ids.c: Make sure to close the password and
+	group files with endpwent() and endgrent().
+	* libmisc/pwdcheck.c: Remove unneeded endspent() (only getspnam()
+	is called before).
+	* src/lastlog.c, src/passwd.c, src/groupmod.c, src/faillog.c,
+	src/groups.c: Make sure to close
+	the password file with endpwent().
+	* src/login.c: Remove unneeded setpwent() (only xgetpwnam is
+	called before).
+	* src/login.c, src/newgrp.c: Fix typos in comments.
+
 2008-04-16  Nicolas François  <nicolas.francois@centraliens.net>
 
 	* NEWS, configure.in: Fix the detection of the audit, pam, and
diff --git a/libmisc/entry.c b/libmisc/entry.c
index 5b95eba1..3316c8d5 100644
--- a/libmisc/entry.c
+++ b/libmisc/entry.c
@@ -54,14 +54,11 @@ void pw_entry (const char *name, struct passwd *pwent)
 		pwent->pw_dir = xstrdup (passwd->pw_dir);
 		pwent->pw_shell = xstrdup (passwd->pw_shell);
 #if !defined(AUTOSHADOW)
-		setspent ();
 		/* local, no need for xgetspnam */
 		if ((spwd = getspnam (name))) {
 			pwent->pw_passwd = xstrdup (spwd->sp_pwdp);
-			endspent ();
 			return;
 		}
-		endspent ();
 #endif
 		pwent->pw_passwd = xstrdup (passwd->pw_passwd);
 	}
diff --git a/libmisc/find_new_ids.c b/libmisc/find_new_ids.c
index 66dc6e80..90e4ceef 100644
--- a/libmisc/find_new_ids.c
+++ b/libmisc/find_new_ids.c
@@ -65,6 +65,7 @@ int find_new_uid (int sys_user, uid_t *uid, uid_t const *preferred_uid)
 			user_id = pwd->pw_uid + 1;
 		}
 	}
+	endpwent ();
 
 	/*
 	 * If a user with UID equal to UID_MAX exists, the above algorithm
@@ -146,6 +147,7 @@ int find_new_gid (int sys_group, gid_t *gid, gid_t const *preferred_gid)
 			group_id = grp->gr_gid + 1;
 		}
 	}
+	endgrent ();
 
 	/*
 	 * If a group with GID equal to GID_MAX exists, the above algorithm
diff --git a/libmisc/pwdcheck.c b/libmisc/pwdcheck.c
index 1750ebf3..ce0a4f2c 100644
--- a/libmisc/pwdcheck.c
+++ b/libmisc/pwdcheck.c
@@ -46,7 +46,6 @@ void passwd_check (const char *user, const char *passwd, const char *progname)
 
 	if ((sp = getspnam (user))) /* !USE_PAM, no need for xgetspnam */
 		passwd = sp->sp_pwdp;
-	endspent ();
 	if (pw_auth (passwd, user, PW_LOGIN, (char *) 0) != 0) {
 		SYSLOG ((LOG_WARN, WRONGPWD2, user));
 		sleep (1);
diff --git a/src/faillog.c b/src/faillog.c
index 024e044d..36c38ff0 100644
--- a/src/faillog.c
+++ b/src/faillog.c
@@ -170,6 +170,7 @@ static void reset (void)
 		while ( (pwent = getpwent ()) != NULL ) {
 			reset_one (pwent->pw_uid);
 		}
+		endpwent ();
 	}
 }
 
@@ -246,8 +247,10 @@ static void setmax (int max)
 		setmax_one (user, max);
 	} else {
 		setpwent ();
-		while ((pwent = getpwent ()))
+		while ( (pwent = getpwent ()) != NULL ) {
 			setmax_one (pwent->pw_uid, max);
+		}
+		endpwent ();
 	}
 }
 
@@ -288,8 +291,10 @@ static void set_locktime (long locktime)
 		set_locktime_one (user, locktime);
 	} else {
 		setpwent ();
-		while ((pwent = getpwent ()))
+		while ( (pwent = getpwent ()) != NULL ) {
 			set_locktime_one (pwent->pw_uid, locktime);
+		}
+		endpwent ();
 	}
 }
 
diff --git a/src/groupmod.c b/src/groupmod.c
index 274c3adb..1a3f55b3 100644
--- a/src/groupmod.c
+++ b/src/groupmod.c
@@ -547,6 +547,7 @@ void update_primary_groups (gid_t ogid, gid_t ngid)
 			}
 		}
 	}
+	endpwent ();
 }
 
 /*
diff --git a/src/groups.c b/src/groups.c
index 53fdfb7d..9f89a705 100644
--- a/src/groups.c
+++ b/src/groups.c
@@ -57,13 +57,12 @@ static void print_groups (const char *member)
 	struct passwd *pwd;
 	int flag = 0;
 
-	setgrent ();
-
 	/* local, no need for xgetpwnam */
 	if ((pwd = getpwnam (member)) == 0) {
 		fprintf (stderr, _("%s: unknown user %s\n"), Prog, member);
 		exit (1);
 	}
+	setgrent ();
 	while ((grp = getgrent ())) {
 		if (is_on_list (grp->gr_mem, member)) {
 			if (groups++)
@@ -74,6 +73,7 @@ static void print_groups (const char *member)
 				flag = 1;
 		}
 	}
+	endgrent ();
 	/* local, no need for xgetgrgid */
 	if (!flag && (grp = getgrgid (pwd->pw_gid))) {
 		if (groups++)
diff --git a/src/lastlog.c b/src/lastlog.c
index 445a1cc7..7b70bae6 100644
--- a/src/lastlog.c
+++ b/src/lastlog.c
@@ -128,7 +128,7 @@ static void print (void)
 	uid_t user;
 
 	setpwent ();
-	while ((pwent = getpwent ())) {
+	while ( (pwent = getpwent ()) != NULL ) {
 		user = pwent->pw_uid;
 		if (uflg &&
 		    ((umin != -1 && user < (uid_t)umin) ||
@@ -149,6 +149,7 @@ static void print (void)
 
 		print_one (pwent);
 	}
+	endpwent ();
 }
 
 int main (int argc, char **argv)
diff --git a/src/login.c b/src/login.c
index aa9e5560..79f3eedd 100644
--- a/src/login.c
+++ b/src/login.c
@@ -738,7 +738,6 @@ int main (int argc, char **argv)
 		 */
 		retcode =
 		    pam_get_item (pamh, PAM_USER, (const void **)ptr_pam_user);
-		setpwent ();
 		pwd = xgetpwnam (pam_user);
 		if (!pwd) {
 			SYSLOG ((LOG_ERR, "xgetpwnam(%s) failed",
@@ -962,7 +961,7 @@ int main (int argc, char **argv)
 	if (pwent.pw_shell[0] == '*') {	/* subsystem root */
 		pwent.pw_shell++;	/* skip the '*' */
 		subsystem (&pwent);	/* figure out what to execute */
-		subroot++;	/* say i was here again */
+		subroot++;	/* say I was here again */
 		endpwent ();	/* close all of the file which were */
 		endgrent ();	/* open in the original rooted file */
 		endspent ();	/* system. they will be re-opened */
diff --git a/src/newgrp.c b/src/newgrp.c
index bf94d8bd..3f07a4ed 100644
--- a/src/newgrp.c
+++ b/src/newgrp.c
@@ -695,7 +695,7 @@ int main (int argc, char **argv)
 		prog = "/bin/sh";
 
 	/*
-	 * Now i try to find the basename of the login shell. This will
+	 * Now I try to find the basename of the login shell. This will
 	 * become argv[0] of the spawned command.
 	 */
 	cp = Basename ((char *) prog);
diff --git a/src/passwd.c b/src/passwd.c
index e85b2fe2..42df517b 100644
--- a/src/passwd.c
+++ b/src/passwd.c
@@ -848,8 +848,10 @@ int main (int argc, char **argv)
 			exit (E_NOPERM);
 		}
 		setpwent ();
-		while ((pw = getpwent ()))
+		while ( (pw = getpwent ()) != NULL ) {
 			print_status (pw);
+		}
+		endpwent ();
 		exit (E_SUCCESS);
 	}
 #if 0