- don't free user-supplied string (via -e)

[oweals/busybox.git] / libbb / update_passwd.c

diff --git a/libbb/update_passwd.c b/libbb/update_passwd.c
index 388adf81fb7cc9cb33d9ebdfdcf7514c2ed24e63..88bc28ca93a01a75ed5b63f6c5d67a31f8fdcd85 100644 (file)
--- a/libbb/update_passwd.c
+++ b/libbb/update_passwd.c
@@ -36,7 +36,7 @@ static void check_selinux_update_passwd(const char *username)
 #define check_selinux_update_passwd(username) ((void)0)
 #endif
 
-int update_passwd(const char *filename, const char *username,
+int FAST_FUNC update_passwd(const char *filename, const char *username,
                        const char *new_pw)
 {
        struct stat sb;
@@ -52,6 +52,10 @@ int update_passwd(const char *filename, const char *username,
        int cnt = 0;
        int ret = -1; /* failure */
 
+       filename = xmalloc_follow_symlinks(filename);
+       if (filename == NULL)
+               return -1;
+
        check_selinux_update_passwd(username);
 
        /* New passwd file, "/etc/passwd+" for now */
@@ -143,6 +147,7 @@ int update_passwd(const char *filename, const char *username,
 
  free_mem:
        free(fnamesfx);
-       free((char*)username);
+       free((char *)filename);
+       free((char *)username);
        return ret;
 }