Created attachment 1364 [details] patch for ssh.c The symptom is: $ ssh foo percent_expand: NULL replacement Just need to pwcopy the last getpwuid result; percent_expand calls getpwuid, too, so not doing so destroys the old pwcopy data.
(In reply to comment #0) > Just need to pwcopy the last getpwuid result; percent_expand calls > getpwuid, too, so not doing so destroys the old pwcopy data. Woops, it's not percent_expand, it's tilde_expand_filename.
Created attachment 1379 [details] free passwd struct after dup That patch will leak the passwd struct, so I think it needs a symmetric pwfree() like this.
This has been fixed by saving only pw_name and pw_dir (ssh.c revs 1.306 and 1.307), which will be in the 4.8 release. Thanks for the report.
Fix shipped in 4.9/4.9p1 release.