pwd: implement missing functions #480
Code Review
This pull request adds POSIX-compliant reentrant and non-reentrant password database lookup functions (getpwuid_r, getpwent, setpwent, endpwent) and refactors existing password parsing logic in unistd/pwd.c. The review identifies several critical issues: a potential buffer overflow in readpwentry when maxlen is 0 due to unsigned underflow, multiple bugs in getpwby_r (including incorrect error code returns and incorrect handling of empty files), a critical position-tracking bug in getpwent that skips characters on subsequent lines, and an opportunity to simplify setpwent using rewind.
Unit Test Results: 10 911 tests (+51), 10 241 ✅ (+51), 52m 30s ⏱️ (-1m 36s). Results for commit 9078025. ± Comparison against base commit 7f48b67. This pull request removes 222 and adds 273 tests. Note that renamed tests count towards both. ♻️ This comment has been updated with latest results.
/gemini review
Code Review
This pull request adds declarations and implementations for reentrant and stateful password database functions, including getpwuid_r, getpwent, endpwent, and setpwent, alongside refactoring the internal parsing logic in unistd/pwd.c. The review highlights critical issues: a security vulnerability in readid where an empty UID string is parsed as root (0), a bug in getpwby_r where the buffer offset n is not reset when skipping non-matching entries (leading to premature ERANGE errors), and fragility in pwentlast when handling empty or trailing lines.
/gemini review
Code Review
This pull request implements reentrant password database lookup functions (getpwuid_r, getpwnam_r) and sequential access functions (getpwent, setpwent, endpwent) in unistd/pwd.c, along with their declarations in include/pwd.h. The feedback suggests declaring ret as a signed int in readpwentry to prevent signed/unsigned conversion issues when returning negative error codes, and returning errno instead of a hardcoded EIO when fopen fails in getpwby_r to provide more descriptive error details.
/gemini review
Code Review
This pull request implements POSIX-compliant password database functions, including the reentrant versions getpwnam_r and getpwuid_r, as well as the stream-based functions getpwent, setpwent, and endpwent. It also refactors the internal parsing logic in unistd/pwd.c to improve safety and error handling. A review comment points out that getpwnam_r does not set *result to NULL when returning EINVAL on a NULL name argument, which violates POSIX requirements.
/gemini review
Code Review
This pull request implements and declares several password database functions in pwd.h and pwd.c, including the reentrant functions getpwuid_r and getpwnam_r, as well as getpwent, endpwent, and setpwent. It also refactors the internal parsing logic to use static variables and helper functions like readpwentryall and pwentlast for safer and cleaner file reading. There are no review comments to address.
/gemini review
Code Review
This pull request implements reentrant password database lookup functions (getpwnam_r, getpwuid_r) and standard entry iteration functions (getpwent, setpwent, endpwent) in unistd/pwd.c. While these additions significantly improve POSIX compliance, several critical issues were identified. First, readpwentryline reads directly into the pointers of the static pwnam struct, which can cause undefined behavior if a user program modifies the returned struct. Second, the overflow check in readid is flawed on both 32-bit and 64-bit architectures, failing to correctly handle maximum UID values. Finally, the pointer arithmetic in getpwby_r is overly complex and prone to errors, and the error code handling should be made more consistent.
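The two readid findings quoted in the reviews above (an empty UID field parsed as 0, and an overflow check that mishandles maximum UID values) can be illustrated with a strict decimal id parser. This is an added example, not code from the pull request; the names ex_uid_t, EX_UID_MAX, parse_uid_naive and parse_uid_strict, and the 32-bit id width, are assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: the id type is modelled as 32-bit unsigned for this example. */
typedef uint32_t ex_uid_t;
#define EX_UID_MAX UINT32_MAX

/* Naive parser, for contrast: "" yields 0 (root), large values wrap. */
static ex_uid_t parse_uid_naive(const char *s)
{
	ex_uid_t v = 0;
	while (*s >= '0' && *s <= '9')
		v = v * 10 + (ex_uid_t)(*s++ - '0');
	return v;
}

/* Strict parser: 0 and *out set on success, -EINVAL or -ERANGE otherwise. */
static int parse_uid_strict(const char *s, ex_uid_t *out)
{
	ex_uid_t v = 0, d;

	if (s == NULL || out == NULL || *s == '\0')
		return -EINVAL; /* an empty field must not become uid 0 */
	for (; *s != '\0'; s++) {
		if (*s < '0' || *s > '9')
			return -EINVAL; /* sign, whitespace or trailing garbage */
		d = (ex_uid_t)(*s - '0');
		if (v > (EX_UID_MAX - d) / 10)
			return -ERANGE; /* checked before multiplying, so no wrap */
		v = v * 10 + d;
	}
	*out = v;
	return 0;
}

int main(void)
{
	/* Constructed uid fields, not taken from the pull request. */
	const char *fields[] = { "", "0", "1000", "4294967295", "4294967296", "-1" };
	for (size_t i = 0; i < sizeof(fields) / sizeof(fields[0]); i++) {
		ex_uid_t u = 0;
		int rc = parse_uid_strict(fields[i], &u);
		printf("\"%s\": naive=%lu strict rc=%d uid=%lu\n", fields[i],
			(unsigned long)parse_uid_naive(fields[i]), rc, (unsigned long)u);
	}
	return 0;
}
```

With the naive parser both the empty field and "4294967296" come back as 0, which is why the strict version rejects the first with -EINVAL and the second with -ERANGE while still accepting 4294967295.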
implement: getpwent, setpwent, endpwent, getpwnam_r, getpwuid_r YT: RTOS-1341
| if (name != NULL && strcmp(pwd->pw_name, name) != 0) { | ||
| /* skip to next line */ | ||
| while ((c = fgetc(fp)) != EOF && c != '\n') |
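Review bot: the skip loop in the name-mismatch branch stops on EOF without telling end of file apart from a read error, so an I/O failure part-way through the line is handled exactly like reaching the end of the file. Checking ferror(fp) once the loop exits and returning an error code in that case would keep a failed read from being reported as a normal end of the database.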
This is inconsistent behavior compared to getpwnam(). Here, an invalid line can be skipped (we know only that name is correct) and subsequent entries are still processed, while getpwnam() returns an error on the first invalid line.
do you think we should omit this "optimisation", or add it to getpwnam?
Please verify how Linux/BSD handles this. If invalid lines are skipped, that’s probably the better behavior, but then getpwnam() should be consistent and skip these lines too.
ok, will check and change the implementation accordingly
| } | ||
| if (uid != NULL && pwd->pw_uid != *uid) { | ||
| /* skip to next line */ | ||
| while ((c = fgetc(fp)) != EOF && c != '\n') |
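Review bot: the skip-to-next-line loop in the uid-mismatch branch is a copy of the one in the name-mismatch branch just above it. Moving it into one small static helper that takes fp would keep the two branches from drifting apart and gives a single place to settle how the rest of a non-matching line is consumed.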
implement: getpwent, setpwent, endpwent, getpwnam_r, getpwuid_r
YT: RTOS-1341
Description
Motivation and Context
Types of changes
How Has This Been Tested?
ia32-generic-qemu, host-generic-pc
Checklist:
Special treatment