[patch] ssh.c load_public_identity_files calls getpwuid twice without copy
Damien Miller
djm at mindrot.org
Fri Oct 19 10:59:36 EST 2007
On Wed, 17 Oct 2007, Toby Butzon wrote:
> Hi,
>
> getpwuid is called as seen in the patch, and is then called again
> indirectly by tilde_expand_filename without first copying off the
> results from the first call.
>
> This is fatal on MacOSX (and it would seem it should be fatal elsewhere, too).
>
> Please CC me in replies; I'm not a subscriber.
Thanks for the report - could you please file this at
http://bugzilla.mindrot.org ?
Thanks,
Damien
> --- openssh-4.4p1/ssh.c 2006-09-01 22:32:40.000000000 -0700
> +++ openssh-4.4p1-fix/ssh.c 2007-10-17 10:23:07.000000000 -0700
> @@ -1252,6 +1252,7 @@
> #endif /* SMARTCARD */
> if ((pw = getpwuid(original_real_uid)) == NULL)
> fatal("load_public_identity_files: getpwuid failed");
> + pw = pwcopy(pw);
> if (gethostname(thishost, sizeof(thishost)) == -1)
> fatal("load_public_identity_files: gethostname: %s",
> strerror(errno));
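Review bot: The copy made by the added line "pw = pwcopy(pw);" has no matching release anywhere in this hunk, and pwcopy returns newly allocated memory. If load_public_identity_files does not free that copy before it returns, every call leaks the duplicated record; the free belongs after the last use of pw in the function. A short comment above the new line saying that tilde_expand_filename calls getpwuid again would also keep the copy from being removed later as redundant.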
>
>
> --
> Toby Butzon
>