summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog7
-rw-r--r--ssh.c13
2 files changed, 16 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index d7345a85a..0d820cae7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -30,6 +30,11 @@
30 [clientloop.c] 30 [clientloop.c]
31 fix memory leak in process_cmdline(), patch from Jan.Pechanec AT Sun.COM; 31 fix memory leak in process_cmdline(), patch from Jan.Pechanec AT Sun.COM;
32 ok dtucker@ 32 ok dtucker@
33 - deraadt@cvs.openbsd.org 2007/11/03 01:24:06
34 [ssh.c]
35 bz #1377: getpwuid results were being clobbered by another getpw* call
36 inside tilde_expand_filename(); save the data we need carefully
37 ok djm
33 38
3420071030 3920071030
35 - (djm) OpenBSD CVS Sync 40 - (djm) OpenBSD CVS Sync
@@ -3447,4 +3452,4 @@
3447 OpenServer 6 and add osr5bigcrypt support so when someone migrates 3452 OpenServer 6 and add osr5bigcrypt support so when someone migrates
3448 passwords between UnixWare and OpenServer they will still work. OK dtucker@ 3453 passwords between UnixWare and OpenServer they will still work. OK dtucker@
3449 3454
3450$Id: ChangeLog,v 1.4803 2007/12/02 12:12:30 dtucker Exp $ 3455$Id: ChangeLog,v 1.4804 2007/12/02 12:16:32 dtucker Exp $
diff --git a/ssh.c b/ssh.c
index 365321829..f9c6252d3 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh.c,v 1.305 2007/10/29 06:54:50 dtucker Exp $ */ 1/* $OpenBSD: ssh.c,v 1.306 2007/11/03 01:24:06 deraadt Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1231,6 +1231,7 @@ static void
1231load_public_identity_files(void) 1231load_public_identity_files(void)
1232{ 1232{
1233 char *filename, *cp, thishost[NI_MAXHOST]; 1233 char *filename, *cp, thishost[NI_MAXHOST];
1234 char *pwdir = NULL, *pwname = NULL;
1234 int i = 0; 1235 int i = 0;
1235 Key *public; 1236 Key *public;
1236 struct passwd *pw; 1237 struct passwd *pw;
@@ -1259,14 +1260,16 @@ load_public_identity_files(void)
1259#endif /* SMARTCARD */ 1260#endif /* SMARTCARD */
1260 if ((pw = getpwuid(original_real_uid)) == NULL) 1261 if ((pw = getpwuid(original_real_uid)) == NULL)
1261 fatal("load_public_identity_files: getpwuid failed"); 1262 fatal("load_public_identity_files: getpwuid failed");
1263 pwname = strdup(pw->pw_name);
1264 pwdir = strdup(pw->pw_dir);
1262 if (gethostname(thishost, sizeof(thishost)) == -1) 1265 if (gethostname(thishost, sizeof(thishost)) == -1)
1263 fatal("load_public_identity_files: gethostname: %s", 1266 fatal("load_public_identity_files: gethostname: %s",
1264 strerror(errno)); 1267 strerror(errno));
1265 for (; i < options.num_identity_files; i++) { 1268 for (; i < options.num_identity_files; i++) {
1266 cp = tilde_expand_filename(options.identity_files[i], 1269 cp = tilde_expand_filename(options.identity_files[i],
1267 original_real_uid); 1270 original_real_uid);
1268 filename = percent_expand(cp, "d", pw->pw_dir, 1271 filename = percent_expand(cp, "d", pwdir,
1269 "u", pw->pw_name, "l", thishost, "h", host, 1272 "u", pwname, "l", thishost, "h", host,
1270 "r", options.user, (char *)NULL); 1273 "r", options.user, (char *)NULL);
1271 xfree(cp); 1274 xfree(cp);
1272 public = key_load_public(filename, NULL); 1275 public = key_load_public(filename, NULL);
@@ -1276,6 +1279,10 @@ load_public_identity_files(void)
1276 options.identity_files[i] = filename; 1279 options.identity_files[i] = filename;
1277 options.identity_keys[i] = public; 1280 options.identity_keys[i] = public;
1278 } 1281 }
1282 bzero(pwname, strlen(pwname));
1283 free(pwname);
1284 bzero(pwdir, strlen(pwdir));
1285 free(pwdir);
1279} 1286}
1280 1287
1281static void 1288static void
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-14 07:22:43 +0000