bugzilla-daemon at mindrot.org
2021-Mar-07 09:28 UTC
[Bug 3273] New: ssh-keygen uses getpwuid() without pwcopy()
https://bugzilla.mindrot.org/show_bug.cgi?id=3273

            Bug ID: 3273
           Summary: ssh-keygen uses getpwuid() without pwcopy()
           Product: Portable OpenSSH
           Version: 8.5p1
          Hardware: PPC
                OS: Mac OS X
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh-keygen
          Assignee: unassigned-bugs at mindrot.org
          Reporter: contrib at dwatteau.fr

Created attachment 3477
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3477&action=edit
Add missing call to pwcopy() in ssh-keygen.c

On Mac OS X 10.5.8 PPC, with OpenSSL 1.1.1j from MacPorts, t7.out regress test currently fails with the following crash:

    Program received signal EXC_BAD_ACCESS, Could not access memory.
    Reason: KERN_INVALID_ADDRESS at address: 0xc0000000
    0x93f047c8 in strlen ()
    (gdb) bt
    #0  0x93f047c8 in strlen ()
    #1  0x93f9777c in __vfprintf$LDBL128 ()
    #2  0x93f9b898 in snprintf$LDBL128 ()
    #3  0x000114a0 in main (argc=0, argv=0xbffff848) at ssh-keygen.c:3670

which seems to come from pw_name in this snprintf call:

    else {
        /* Create default comment field for the passphrase. */
        snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname);
    }

This looks similar to bug 1377 and bug 1414, i.e. pw_name comes from getpwuid() which is called without a pwcopy().

The attached diff simply adds it, like some other ssh tools already do, and makes t7.out pass again on MacOS X Leopard PPC.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
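The report points at pw_name being read through the pointer that getpwuid() returned; POSIX allows that pointer to refer to static storage that later getpw* calls may overwrite, which is why a private copy is taken first. The following is an added example, not OpenSSH's pwcopy() and not the attached patch: passwd_dup, passwd_free, default_comment and the host name example-host are hypothetical, and only the POSIX fields of struct passwd are copied.

```c
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helpers for this example; not OpenSSH's pwcopy(). */
static char *dup_str(const char *s)
{
    const char *src = s ? s : "";          /* tolerate unset fields */
    char *p = malloc(strlen(src) + 1);
    return p ? strcpy(p, src) : NULL;
}

void passwd_free(struct passwd *pw)
{
    if (pw == NULL) return;
    free(pw->pw_name); free(pw->pw_dir); free(pw->pw_shell);
    free(pw);
}

/* Deep-copy the POSIX fields so the result no longer aliases libc storage. */
struct passwd *passwd_dup(const struct passwd *pw)
{
    struct passwd *c = pw ? calloc(1, sizeof(*c)) : NULL;
    if (c == NULL) return NULL;
    c->pw_uid = pw->pw_uid; c->pw_gid = pw->pw_gid;
    c->pw_name = dup_str(pw->pw_name);
    c->pw_dir = dup_str(pw->pw_dir);
    c->pw_shell = dup_str(pw->pw_shell);
    if (!c->pw_name || !c->pw_dir || !c->pw_shell) { passwd_free(c); c = NULL; }
    return c;
}

/* Build "user@host"; 0 on success, -1 on missing entry or truncation. */
int default_comment(char *buf, size_t len, const struct passwd *pw, const char *host)
{
    int n = pw ? snprintf(buf, len, "%s@%s", pw->pw_name, host) : -1;
    return (n >= 0 && (size_t)n < len) ? 0 : -1;
}

int main(void)
{
    struct passwd *pw = passwd_dup(getpwuid(getuid())); /* copy before any other getpw* call */
    char comment[1024];
    if (default_comment(comment, sizeof comment, pw, "example-host") == 0)
        puts(comment);
    passwd_free(pw);
    return 0;
}
```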
bugzilla-daemon at mindrot.org
2021-Mar-12 03:44 UTC
[Bug 3273] ssh-keygen uses getpwuid() without pwcopy()
https://bugzilla.mindrot.org/show_bug.cgi?id=3273

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED
             Blocks|                            |3270

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
fixed in openssh-8.6

Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=3270
[Bug 3270] Tracking bug for 8.6 release

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2021-Apr-23 05:03 UTC
[Bug 3273] ssh-keygen uses getpwuid() without pwcopy()
https://bugzilla.mindrot.org/show_bug.cgi?id=3273

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.