diff options
| author | beck@openbsd.org <beck@openbsd.org> | 2018-07-25 13:10:56 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-07-26 13:54:30 +1000 |
| commit | 8e433c2083db8664c41499ee146448ea7ebe7dbf (patch) | |
| tree | 7d3bc4cb06117e9a50edf806877b8fd98f205445 | |
| parent | e2127abb105ae72b6fda64fff150e6b24b3f1317 (diff) | |
upstream: Use the caller provided (copied) pwent struct in
load_public_identity_files instead of calling getpwuid() again and discarding
the argument. This prevents a client crash where tilde_expand_filename calls
getpwuid() again before the pwent pointer is used. Issue noticed and reported
by Pierre-Olivier Martel <pom@apple.com> ok djm@ deraadt@
OpenBSD-Commit-ID: a067d74b5b098763736c94cc1368de8ea3f0b157
| -rw-r--r-- | ssh.c | 4 |
1 files changed, 1 insertions, 3 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh.c,v 1.488 2018/07/19 10:28:47 dtucker Exp $ */ | 1 | /* $OpenBSD: ssh.c,v 1.489 2018/07/25 13:10:56 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -2011,8 +2011,6 @@ load_public_identity_files(struct passwd *pw) | |||
| 2011 | free(keys); | 2011 | free(keys); |
| 2012 | } | 2012 | } |
| 2013 | #endif /* ENABLE_PKCS11 */ | 2013 | #endif /* ENABLE_PKCS11 */ |
| 2014 | if ((pw = getpwuid(original_real_uid)) == NULL) | ||
| 2015 | fatal("load_public_identity_files: getpwuid failed"); | ||
| 2016 | for (i = 0; i < options.num_identity_files; i++) { | 2014 | for (i = 0; i < options.num_identity_files; i++) { |
| 2017 | if (n_ids >= SSH_MAX_IDENTITY_FILES || | 2015 | if (n_ids >= SSH_MAX_IDENTITY_FILES || |
| 2018 | strcasecmp(options.identity_files[i], "none") == 0) { | 2016 | strcasecmp(options.identity_files[i], "none") == 0) { |