[patch] ssh.c load_public_identity_files calls getpwuid twice without copy

Toby Butzon toby at butzon.com
Thu Oct 18 03:42:00 EST 2007


getpwuid is called as seen in the patch, and is then called again
indirectly by tilde_expand_filename without first copying off the
results from the first call.

This is fatal on MacOSX (and it would seem it should be fatal elsewhere, too).

Please CC me in replies; I'm not a subscriber.

--- openssh-4.4p1/ssh.c 2006-09-01 22:32:40.000000000 -0700
+++ openssh-4.4p1-fix/ssh.c     2007-10-17 10:23:07.000000000 -0700
@@ -1252,6 +1252,7 @@
 #endif /* SMARTCARD */
        if ((pw = getpwuid(original_real_uid)) == NULL)
                fatal("load_public_identity_files: getpwuid failed");
+       pw = pwcopy(pw);
        if (gethostname(thishost, sizeof(thishost)) == -1)
                fatal("load_public_identity_files: gethostname: %s",
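Review bot: The copy made by `pw = pwcopy(pw);` has no matching release in the lines shown. pwcopy returns heap-allocated storage, including a duplicate of the password field, so the end of load_public_identity_files should clear that field and free the copy once the identity files are loaded. A short comment above the new line noting that tilde_expand_filename calls getpwuid again would also record why the copy is needed, so it is not later removed as redundant.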

Toby Butzon
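The failure described in this message, as an added example that is not part of the original post or of OpenSSH: a pointer kept from one lookup is read after a second lookup has reused the same static storage. `fake_getpwuid`, `pw_dup` and `home_survives` are hypothetical names, and the stand-in lookup uses constructed data so the result is deterministic; a real libc may overwrite or free the storage.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for getpwuid() (constructed data): static storage, reused per call. */
static struct passwd *fake_getpwuid(uid_t uid)
{
    static struct passwd pw;
    static char name[32], dir[64];
    snprintf(name, sizeof(name), "user%u", (unsigned)uid);
    snprintf(dir, sizeof(dir), "/home/user%u", (unsigned)uid);
    pw.pw_name = name;
    pw.pw_dir = dir;
    return &pw;
}

/* Hypothetical helper: private copy of the fields the caller keeps. */
static struct passwd *pw_dup(const struct passwd *src)
{
    struct passwd *c = calloc(1, sizeof(*c));
    if (c == NULL)
        return NULL;
    c->pw_name = strdup(src->pw_name);
    c->pw_dir = strdup(src->pw_dir);
    return c;
}

/* 1 if the first user's home is still intact after a second lookup. */
static int home_survives(int copy_first)
{
    struct passwd *pw = fake_getpwuid(1000);
    struct passwd *kept = copy_first ? pw_dup(pw) : pw;
    int ok;
    if (kept == NULL)
        return -1;
    fake_getpwuid(0);   /* second, indirect lookup reuses the buffers */
    ok = kept->pw_dir != NULL && strcmp(kept->pw_dir, "/home/user1000") == 0;
    if (copy_first) {
        free(kept->pw_name); free(kept->pw_dir); free(kept);
    }
    return ok;
}

int main(void)
{
    printf("no copy: %d, copy: %d\n", home_survives(0), home_survives(1));
    return 0;
}
```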
