[Bug 3273] New: ssh-keygen uses getpwuid() without pwcopy()
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Sun Mar 7 20:28:46 AEDT 2021
https://bugzilla.mindrot.org/show_bug.cgi?id=3273
Bug ID: 3273
Summary: ssh-keygen uses getpwuid() without pwcopy()
Product: Portable OpenSSH
Version: 8.5p1
Hardware: PPC
OS: Mac OS X
Status: NEW
Severity: normal
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at mindrot.org
Reporter: contrib at dwatteau.fr
Created attachment 3477
--> https://bugzilla.mindrot.org/attachment.cgi?id=3477&action=edit
Add missing call to pwcopy() in ssh-keygen.c
On Mac OS X 10.5.8 PPC, with OpenSSL 1.1.1j from MacPorts, t7.out
regress test currently fails with the following crash:
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0xc0000000
0x93f047c8 in strlen ()
(gdb) bt
#0 0x93f047c8 in strlen ()
#1 0x93f9777c in __vfprintf$LDBL128 ()
#2 0x93f9b898 in snprintf$LDBL128 ()
#3 0x000114a0 in main (argc=0, argv=0xbffff848) at ssh-keygen.c:3670
which seems to come from pw_name in this snprintf call:
else {
/* Create default comment field for the passphrase. */
snprintf(comment, sizeof comment, "%s@%s", pw->pw_name,
hostname);
}
This looks similar to bug 1377 and bug 1414, i.e. pw_name comes from
getpwuid() which is called without a pwcopy().
The attached diff simply adds it, like some other ssh tools already do,
and makes t7.out pass again on MacOS X Leopard PPC.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list