[patch] ssh.c load_public_identity_files calls getpwuid twice without copy

Damien Miller djm at mindrot.org
Fri Oct 19 10:59:36 EST 2007


On Wed, 17 Oct 2007, Toby Butzon wrote:

> Hi,
> 
> getpwuid is called as seen in the patch, and is then called again
> indirectly by tilde_expand_filename without first copying off the
> results from the first call.
> 
> This is fatal on MacOSX (and it would seem it should be fatal elsewhere, too).
> 
> Please CC me in replies; I'm not a subscriber.

Thanks for the report - could you please file this at
http://bugzilla.mindrot.org ?

Thanks,
Damien

> --- openssh-4.4p1/ssh.c 2006-09-01 22:32:40.000000000 -0700
> +++ openssh-4.4p1-fix/ssh.c     2007-10-17 10:23:07.000000000 -0700
> @@ -1252,6 +1252,7 @@
>  #endif /* SMARTCARD */
>         if ((pw = getpwuid(original_real_uid)) == NULL)
>                 fatal("load_public_identity_files: getpwuid failed");
> +       pw = pwcopy(pw);
>         if (gethostname(thishost, sizeof(thishost)) == -1)
>                 fatal("load_public_identity_files: gethostname: %s",
>                     strerror(errno));
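Review bot: The copy made at `pw = pwcopy(pw);` has no matching release anywhere in this hunk, so unless load_public_identity_files frees it before returning, the duplicated entry is leaked. Please add the corresponding free on the function's exit path. A short comment above the new line noting that tilde_expand_filename calls getpwuid again would also explain why the copy is needed and keep it from being removed later as redundant.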
> 
> 
> -- 
> Toby Butzon
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> 

