Bug 1377 - getpwuid called twice without pwcopy (percent_expand: NULL replacement)
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh
Version: -current
Hardware: All All
Importance: P2 normal
Assignee: Damien Miller
Keywords: patch
Blocks: V_4_8
Reported: 2007-10-20 14:16 AEST by Toby Butzon
Modified: 2023-01-13 13:56 AEDT

Attachments
patch for ssh.c (486 bytes, patch)
2007-10-20 14:16 AEST, Toby Butzon
free passwd struct after dup (1.98 KB, patch)
2007-11-03 11:37 AEDT, Damien Miller

Description Toby Butzon 2007-10-20 14:16:55 AEST
Created attachment 1364
patch for ssh.c

The symptom is:

$ ssh foo
percent_expand: NULL replacement

Just need to pwcopy the last getpwuid result; percent_expand calls getpwuid, too, so not doing so destroys the old pwcopy data.
Comment 1 Toby Butzon 2007-10-20 14:19:51 AEST
(In reply to comment #0)

> Just need to pwcopy the last getpwuid result; percent_expand calls
> getpwuid, too, so not doing so destroys the old pwcopy data.

Woops, it's not percent_expand, it's tilde_expand_filename.
Comment 2 Damien Miller 2007-11-03 11:37:55 AEDT
Created attachment 1379
free passwd struct after dup

That patch will leak the passwd struct, so I think it needs a symmetric pwfree() like this.
Comment 3 Darren Tucker 2007-12-28 03:09:38 AEDT
This has been fixed by saving only pw_name and pw_dir (ssh.c revs 1.306 and 1.307), which will be in the 4.8 release.

Thanks for the report.
Comment 4 Damien Miller 2008-03-31 15:22:02 AEDT
Fix shipped in 4.9/4.9p1 release.
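
The approach named in comment 3 (keep only pw_name and pw_dir), as an added example; this is not the code from ssh.c revs 1.306/1.307. getpwuid() may return a pointer to static storage that a later lookup overwrites, so the two strings are deep-copied before anything else can call it. The names saved_user, dup_str, save_fields and survives_overwrite are hypothetical, and the "alice"/"root" values are constructed.

```c
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

struct saved_user { char *name; char *dir; };   /* hypothetical type, not from ssh.c */

static char *dup_str(const char *s) {
    char *p = malloc(strlen(s) + 1);
    return p ? strcpy(p, s) : NULL;
}

/* Deep-copy the two fields out of libc-owned storage; 0 on success, -1 otherwise. */
int save_fields(const struct passwd *pw, struct saved_user *out) {
    out->name = out->dir = NULL;
    if (pw == NULL || pw->pw_name == NULL || pw->pw_dir == NULL)
        return -1;
    char *n = dup_str(pw->pw_name), *d = dup_str(pw->pw_dir);
    if (n == NULL || d == NULL) {
        free(n); free(d);
        return -1;
    }
    out->name = n; out->dir = d;
    return 0;
}

/* Constructed stand-in for the static buffer; 1 if only the saved copy survives. */
int survives_overwrite(void) {
    char name[16] = "alice", dir[32] = "/home/alice";   /* constructed values */
    struct passwd pw = { .pw_name = name, .pw_dir = dir };
    struct saved_user u;
    if (save_fields(&pw, &u) != 0) return -1;
    strcpy(name, "root"); strcpy(dir, "/root");         /* the "second lookup" */
    int ok = strcmp(pw.pw_name, "root") == 0 &&         /* borrowed pointer changed */
             strcmp(u.name, "alice") == 0 && strcmp(u.dir, "/home/alice") == 0;
    free(u.name); free(u.dir);
    return ok;
}

int main(void) {
    struct saved_user me;
    if (save_fields(getpwuid(getuid()), &me) != 0)
        return 1;
    (void)getpwuid(0);   /* a later lookup may reuse the same static storage */
    printf("%s %s (overwrite check: %d)\n", me.name, me.dir, survives_overwrite());
    free(me.name); free(me.dir);
    return 0;
}
```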