tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-28 00:04:30 +02:00
Code Issues Packages Projects Releases Wiki Activity

- deraadt@cvs.openbsd.org 2007/11/03 01:24:06

Browse Source 
[ssh.c]
     bz #1377: getpwuid results were being clobbered by another getpw* call
     inside tilde_expand_filename(); save the data we need carefully
     ok djm
This commit is contained in:
Darren Tucker 2007-12-02 23:16:32 +11:00
parent 23ae8ca948
commit b4fbbc6850
2 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ChangeLog
View File

@ -30,6 +30,11 @@
[clientloop.c] [clientloop.c]
fix memory leak in process_cmdline(), patch from Jan.Pechanec AT Sun.COM; fix memory leak in process_cmdline(), patch from Jan.Pechanec AT Sun.COM;
ok dtucker@ ok dtucker@
- deraadt@cvs.openbsd.org 2007/11/03 01:24:06
[ssh.c]
bz #1377: getpwuid results were being clobbered by another getpw* call
inside tilde_expand_filename(); save the data we need carefully
ok djm
20071030 20071030
- (djm) OpenBSD CVS Sync - (djm) OpenBSD CVS Sync
@ -3447,4 +3452,4 @@
OpenServer 6 and add osr5bigcrypt support so when someone migrates OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@ passwords between UnixWare and OpenServer they will still work. OK dtucker@
$Id: ChangeLog,v 1.4803 2007/12/02 12:12:30 dtucker Exp $ $Id: ChangeLog,v 1.4804 2007/12/02 12:16:32 dtucker Exp $

13
ssh.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh.c,v 1.305 2007/10/29 06:54:50 dtucker Exp $ */ /* $OpenBSD: ssh.c,v 1.306 2007/11/03 01:24:06 deraadt Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1231,6 +1231,7 @@ static void
load_public_identity_files(void) load_public_identity_files(void)
{ {
char *filename, *cp, thishost[NI_MAXHOST]; char *filename, *cp, thishost[NI_MAXHOST];
char *pwdir = NULL, *pwname = NULL;
int i = 0; int i = 0;
Key *public; Key *public;
struct passwd *pw; struct passwd *pw;
@ -1259,14 +1260,16 @@ load_public_identity_files(void)
#endif /* SMARTCARD */ #endif /* SMARTCARD */
if ((pw = getpwuid(original_real_uid)) == NULL) if ((pw = getpwuid(original_real_uid)) == NULL)
fatal("load_public_identity_files: getpwuid failed"); fatal("load_public_identity_files: getpwuid failed");
pwname = strdup(pw->pw_name);
pwdir = strdup(pw->pw_dir);
if (gethostname(thishost, sizeof(thishost)) == -1) if (gethostname(thishost, sizeof(thishost)) == -1)
fatal("load_public_identity_files: gethostname: %s", fatal("load_public_identity_files: gethostname: %s",
strerror(errno)); strerror(errno));
for (; i < options.num_identity_files; i++) { for (; i < options.num_identity_files; i++) {
cp = tilde_expand_filename(options.identity_files[i], cp = tilde_expand_filename(options.identity_files[i],
original_real_uid); original_real_uid);
filename = percent_expand(cp, "d", pw->pw_dir, filename = percent_expand(cp, "d", pwdir,
"u", pw->pw_name, "l", thishost, "h", host, "u", pwname, "l", thishost, "h", host,
"r", options.user, (char *)NULL); "r", options.user, (char *)NULL);
xfree(cp); xfree(cp);
public = key_load_public(filename, NULL); public = key_load_public(filename, NULL);
@ -1276,6 +1279,10 @@ load_public_identity_files(void)
options.identity_files[i] = filename; options.identity_files[i] = filename;
options.identity_keys[i] = public; options.identity_keys[i] = public;
} }
bzero(pwname, strlen(pwname));
free(pwname);
bzero(pwdir, strlen(pwdir));
free(pwdir);
} }
static void static void