From afe4880c3781dfe12ad3a51a57eecfbee8161c8a Mon Sep 17 00:00:00 2001
From: Bryan Berns <berns@uwalumni.com>
Date: Mon, 25 Mar 2019 12:59:38 -0400
Subject: [PATCH] Address Group Matching Issue (#380)

- Addressed group mapping issue caused by the username being used after being freed.
PowerShell/Win32-OpenSSH#1354
---
 auth.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/auth.c b/auth.c
index 957f26c13..f79757585 100644
--- a/auth.c
+++ b/auth.c
@@ -595,9 +595,12 @@ getpwnamallow(const char *user)
 	struct passwd *pw;
 	struct connection_info *ci = get_connection_info(1, options.use_dns);
 #ifdef WINDOWS
-	/* getpwname - normalizes the incoming user and makes it lowercase */
+	/* getpwname - normalizes the incoming user and makes it lowercase
+	/* it must be duped as the server matching routines may use getpwnam() and
+	 * and free the name being assigned to the connection info structure 
+	 */
 	pw = getpwnam(user);
-	ci->user = pw? pw->pw_name: user;
+	ci->user = pw? xstrdup(pw->pw_name): user;
 #else
 	ci->user = user;
 #endif // WINDOWS