Toby Butzon
2007-Oct-17 17:42 UTC
[patch] ssh.c load_public_identity_files calls getpwuid twice without copy
Hi,

getpwuid is called as seen in the patch, and is then called again indirectly by tilde_expand_filename without first copying off the results from the first call.

This is fatal on MacOSX (and it would seem it should be fatal elsewhere, too).

Please CC me in replies; I'm not a subscriber.

--- openssh-4.4p1/ssh.c 2006-09-01 22:32:40.000000000 -0700 +++ openssh-4.4p1-fix/ssh.c 2007-10-17 10:23:07.000000000 -0700 @@ -1252,6 +1252,7 @@ #endif /* SMARTCARD */ if ((pw = getpwuid(original_real_uid)) == NULL) fatal("load_public_identity_files: getpwuid failed"); + pw = pwcopy(pw); if (gethostname(thishost, sizeof(thishost)) == -1) fatal("load_public_identity_files: gethostname: %s", strerror(errno));

--
Toby Butzon
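Review bot: The copy made by "pw = pwcopy(pw);" directly after the NULL check has no matching release anywhere in the lines shown, so unless load_public_identity_files frees it further down, each call leaks one passwd copy. Suggest releasing the copy before the function returns. The new line also deserves a one-line comment saying that the copy is needed because tilde_expand_filename calls getpwuid again, since that reason is stated only in the mail and not in the code.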
Damien Miller
2007-Oct-19 00:59 UTC
[patch] ssh.c load_public_identity_files calls getpwuid twice without copy
On Wed, 17 Oct 2007, Toby Butzon wrote:

> Hi,
>
> getpwuid is called as seen in the patch, and is then called again
> indirectly by tilde_expand_filename without first copying off the
> results from the first call.
>
> This is fatal on MacOSX (and it would seem it should be fatal elsewhere, too).
>
> Please CC me in replies; I'm not a subscriber.

Thanks for the report - could you please file this at http://bugzilla.mindrot.org ?

Thanks,
Damien

> --- openssh-4.4p1/ssh.c 2006-09-01 22:32:40.000000000 -0700 > +++ openssh-4.4p1-fix/ssh.c 2007-10-17 10:23:07.000000000 -0700 > @@ -1252,6 +1252,7 @@ > #endif /* SMARTCARD */ > if ((pw = getpwuid(original_real_uid)) == NULL) > fatal("load_public_identity_files: getpwuid failed"); > + pw = pwcopy(pw); > if (gethostname(thishost, sizeof(thishost)) == -1) > fatal("load_public_identity_files: gethostname: %s", > strerror(errno));
>
> --
> Toby Butzon
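The hazard discussed in this thread, as an added example that is not part of the original messages and is not OpenSSH code: POSIX allows getpwuid to return a pointer into static storage that a later getpw* call may overwrite, so fields needed afterwards are copied first. The names pw_snapshot, pw_snapshot_take, pw_snapshot_free and snapshot_survives are hypothetical, and a POSIX system with a passwd entry for the calling user is assumed.

```c
#define _POSIX_C_SOURCE 200809L  /* strdup */
#include <pwd.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not OpenSSH's pwcopy): private copies of passwd fields. */
struct pw_snapshot { char *name; char *dir; uid_t uid; };

static void pw_snapshot_free(struct pw_snapshot *s)
{
    free(s->name);
    free(s->dir);
}

static int pw_snapshot_take(uid_t uid, struct pw_snapshot *out)
{
    struct passwd *pw = getpwuid(uid);  /* result may live in static storage */
    if (pw == NULL)
        return -1;
    out->uid = pw->pw_uid;
    out->name = strdup(pw->pw_name);    /* copy before any other getpw* call */
    out->dir = strdup(pw->pw_dir);
    if (out->name == NULL || out->dir == NULL) {
        pw_snapshot_free(out);
        return -1;
    }
    return 0;
}

/* 1: the snapshot of `first` is still correct after looking up `second`;
 * 0: the snapshot no longer matches; -1: a lookup or allocation failed. */
int snapshot_survives(uid_t first, uid_t second)
{
    struct pw_snapshot snap;
    struct passwd *again;
    int ok = -1;

    if (pw_snapshot_take(first, &snap) != 0)
        return -1;
    (void)getpwuid(second);             /* the second call described in the thread */
    if ((again = getpwuid(first)) != NULL)  /* fresh lookup to compare against */
        ok = snap.uid == first && strcmp(snap.name, again->pw_name) == 0 &&
            strcmp(snap.dir, again->pw_dir) == 0;
    pw_snapshot_free(&snap);
    return ok;
}

int main(void) { return snapshot_survives(getuid(), 0) == 1 ? 0 : 1; }
```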