- deraadt@cvs.openbsd.org 2007/11/03 01:24:06

     [ssh.c]
     bz #1377: getpwuid results were being clobbered by another getpw* call
     inside tilde_expand_filename(); save the data we need carefully
     ok djm

2 files changed, 16 insertions, 4 deletions

diff --git a/ChangeLog b/ChangeLog
index d7345a85a..0d820cae7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -30,6 +30,11 @@
      [clientloop.c]
      fix memory leak in process_cmdline(), patch from Jan.Pechanec AT Sun.COM;
      ok dtucker@
+   - deraadt@cvs.openbsd.org 2007/11/03 01:24:06
+     [ssh.c]
+     bz #1377: getpwuid results were being clobbered by another getpw* call
+     inside tilde_expand_filename(); save the data we need carefully
+     ok djm
 
 20071030
  - (djm) OpenBSD CVS Sync
@@ -3447,4 +3452,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4803 2007/12/02 12:12:30 dtucker Exp $
+$Id: ChangeLog,v 1.4804 2007/12/02 12:16:32 dtucker Exp $
diff --git a/ssh.c b/ssh.c
index 365321829..f9c6252d3 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.305 2007/10/29 06:54:50 dtucker Exp $ */
+/* $OpenBSD: ssh.c,v 1.306 2007/11/03 01:24:06 deraadt Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1231,6 +1231,7 @@ static void
 load_public_identity_files(void)
 {
 	char *filename, *cp, thishost[NI_MAXHOST];
+	char *pwdir = NULL, *pwname = NULL;
 	int i = 0;
 	Key *public;
 	struct passwd *pw;
@@ -1259,14 +1260,16 @@ load_public_identity_files(void)
 #endif /* SMARTCARD */
 	if ((pw = getpwuid(original_real_uid)) == NULL)
 		fatal("load_public_identity_files: getpwuid failed");
+	pwname = strdup(pw->pw_name);
+	pwdir = strdup(pw->pw_dir);
 	if (gethostname(thishost, sizeof(thishost)) == -1)
 		fatal("load_public_identity_files: gethostname: %s",
 		    strerror(errno));
 	for (; i < options.num_identity_files; i++) {
 		cp = tilde_expand_filename(options.identity_files[i],
 		    original_real_uid);
-		filename = percent_expand(cp, "d", pw->pw_dir,
-		    "u", pw->pw_name, "l", thishost, "h", host,
+		filename = percent_expand(cp, "d", pwdir,
+		    "u", pwname, "l", thishost, "h", host,
 		    "r", options.user, (char *)NULL);
 		xfree(cp);
 		public = key_load_public(filename, NULL);
@@ -1276,6 +1279,10 @@ load_public_identity_files(void)
 		options.identity_files[i] = filename;
 		options.identity_keys[i] = public;
 	}
+	bzero(pwname, strlen(pwname));
+	free(pwname);
+	bzero(pwdir, strlen(pwdir));
+	free(pwdir);
 }
 
 static void