Message-Id: <200010260959.e9Q9xLG01314@fokus.gmd.de>
Date: Thu, 26 Oct 2000 11:59:21 +0200 (CEST)
From: brandt@fokus.gmd.de
Reply-To: brandt@fokus.gmd.de
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: bin/22307: ssh dumps core if fields in password entry are empty
Sender: owner-freebsd-bugs@FreeBSD.ORG

>Number:         22307
>Category:       bin
>Synopsis:       ssh dumps core if fields in password entry are empty
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Oct 26 03:00:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Hartmut Brandt
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
GMD Fokus
>Environment:

Passwords over NIS from a Solaris NIS server.

>Description:

If one gets the passwords over NIS the pw_class in struct passwd may be
empty (contain a NULL). OpenSSH calls xstrdup on pw_class. xstrdup doesn't
check for NULL pointers being passed and ssh/sshd dumps core.
Calling ssh for local accounts (like root) works ok.

This fix seems (probably) to be introduced with the nsswitch import.

While I'm in ssh.c: the strcpy on pw_class is called twice. This is obviously
a memory leak.

>How-To-Repeat:

Configure your nsswitch.conf to get the passwords from a Solaris NIS server.
Call ssh from one of the NIS accounts.

>Fix:

Don't call xstrcpy in ssh.c:516 if pw_class is NULL. Remove ssh.c:519.
Alternatively fix getpwent to always set pw_class.

>Release-Note:
>Audit-Trail:
>Unformatted:
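A NULL-tolerant copy of a password entry, as an added example that is not part of the original report and is not OpenSSH or FreeBSD code. It duplicates every string field exactly once and treats a NULL field as the empty string; `struct pw_entry`, `dup_or_empty`, `pw_entry_copy` and `pw_entry_free` are hypothetical names, and the sample entry in `main` is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for struct passwd's strings (pw_class is BSD-only). */
struct pw_entry {
    char *pw_name, *pw_passwd, *pw_class, *pw_dir, *pw_shell;
};

/* Hypothetical helper: duplicate s, treating NULL as the empty string. */
static char *dup_or_empty(const char *s)
{
    const char *src = s ? s : "";
    size_t len = strlen(src) + 1;
    char *p = malloc(len);
    if (p == NULL) abort();            /* out of memory */
    memcpy(p, src, len);
    return p;
}

/* Copy each field exactly once; return how many source fields were NULL. */
int pw_entry_copy(struct pw_entry *dst, const struct pw_entry *src)
{
    const char *in[] = { src->pw_name, src->pw_passwd, src->pw_class, src->pw_dir, src->pw_shell };
    char **out[] = { &dst->pw_name, &dst->pw_passwd, &dst->pw_class, &dst->pw_dir, &dst->pw_shell };
    int missing = 0;
    for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++) {
        if (in[i] == NULL)
            missing++;                 /* caller can log an incomplete entry */
        *out[i] = dup_or_empty(in[i]); /* never passes NULL to strlen() */
    }
    return missing;
}

void pw_entry_free(struct pw_entry *pw)
{
    free(pw->pw_name); free(pw->pw_passwd); free(pw->pw_class);
    free(pw->pw_dir); free(pw->pw_shell);
    memset(pw, 0, sizeof(*pw));        /* leave no dangling pointers behind */
}

int main(void)
{
    /* Constructed sample: an entry as a NIS lookup might return it, with no class. */
    struct pw_entry nis = { "hbb", "*", NULL, "/home/hbb", "/bin/sh" }, copy;
    int missing = pw_entry_copy(&copy, &nis);
    printf("missing=%d pw_class=\"%s\"\n", missing, copy.pw_class);
    pw_entry_free(&copy);
}
```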