avoid sending pointer values in struct passwd

Yuichiro NAITO naito.yuichiro at gmail.com
Fri Nov 20 13:59:21 AEDT 2020


Hi, I wrote a patch to improve the sending of struct passwd values.
I believe it will also finish one ToDo comment.

When ssh forks a child process for authentication,
the parent process proxies pwnamallow() execution in mm_answer_pwnamallow().

Through this proxy, struct passwd values are sent via a UNIX domain socket.
This includes pointer values, because the whole structure's memory is copied
by memcpy().
Fortunately, all pointer members are replaced by the actual strings
(e.g. pw_name, pw_passwd, ...) for now.

But if a new pointer member is added, it will never be rewritten and can be a
wild pointer. My patch avoids this.

Take a look at my GitHub pull request to see my patch.

https://github.com/openssh/openssh-portable/pull/216

Thank you!

-- 
Yuichiro NAITO (naito.yuichiro at gmail.com)
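
One way to keep pointer values off the socket, shown as an added example (this is not the code from the pull request or from OpenSSH): serialize each member explicitly and rebuild the structure on the receiving side. The wire format and the names pw_pack and pw_unpack are assumptions made for this example; pw_passwd and pw_gecos are assumed to exist, as they do on glibc and the BSDs.

```c
#include <pwd.h>
#include <stdint.h>
#include <string.h>

/* Wire format (constructed for this example): uid and gid as uint32_t,
 * then five NUL-terminated strings. No pointer value is ever copied.
 * Returns the number of bytes written, or 0 if buf is too small. */
size_t pw_pack(const struct passwd *pw, unsigned char *buf, size_t cap)
{
    const char *f[5] = { pw->pw_name, pw->pw_passwd, pw->pw_gecos,
                         pw->pw_dir, pw->pw_shell };
    uint32_t ids[2] = { (uint32_t)pw->pw_uid, (uint32_t)pw->pw_gid };
    size_t off = sizeof(ids);

    if (cap < off) return 0;
    memcpy(buf, ids, off);
    for (int i = 0; i < 5; i++) {
        const char *s = f[i] ? f[i] : "";      /* NULL is sent as "" */
        size_t n = strlen(s) + 1;
        if (n > cap - off) return 0;
        memcpy(buf + off, s, n);
        off += n;
    }
    return off;
}

/* Rebuild a struct passwd whose string members point into buf.
 * Returns 0 on success, -1 if the message is truncated or malformed. */
int pw_unpack(unsigned char *buf, size_t len, struct passwd *pw)
{
    char **f[5] = { &pw->pw_name, &pw->pw_passwd, &pw->pw_gecos,
                    &pw->pw_dir, &pw->pw_shell };
    uint32_t ids[2];
    size_t off = sizeof(ids);

    if (len < off) return -1;
    memset(pw, 0, sizeof(*pw));   /* members not on the wire become NULL/0 */
    memcpy(ids, buf, off);
    pw->pw_uid = ids[0];
    pw->pw_gid = ids[1];
    for (int i = 0; i < 5; i++) {
        unsigned char *end = memchr(buf + off, '\0', len - off);
        if (end == NULL) return -1;            /* unterminated string */
        *f[i] = (char *)(buf + off);
        off = (size_t)(end - buf) + 1;
    }
    return off == len ? 0 : -1;                /* reject trailing bytes */
}
```

Because the receiver zeroes the structure before filling it, a pointer member that the format does not carry ends up NULL instead of holding an address from the sender's address space.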

