This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: snapshot 05/05: ssh segmentation fault within screen


On May  7 11:16, Andrew Schulman wrote:
> > On 05/06/2014 10:39 AM, Corinna Vinschen wrote:
> > 
> > > The problem, which I totally did not realize since I started implementing
> > > this stuff, is that by propagating this cache to child processes, said
> > > child processes suffer from what the parent process does to the passwd
> > > structures in the cache.
> > > 
> > > Screen seems to call getpwuid and then sets some of the pointers in the
> > > passwd structure it got from the call to NULL, apparently for some sort
> > > of security, this way overwriting the cached passwd struct for the
> > 
> > Bug in screen.  POSIX states:
> > 
> > http://pubs.opengroup.org/onlinepubs/9699919799/functions/getpwuid.html
> > 
> > The application shall not modify the structure to which the return value
> > points, nor any storage areas pointed to by pointers within the
> > structure. The returned pointer, and pointers within the structure,
> > might be invalidated or the structure or the storage areas might be
> > overwritten by a subsequent call to getpwent(), getpwnam(), or getpwuid().
> 
> Fixing this would be well out of my depth, but I'll gladly include any
> patches to screen that fix it.

Never looked into the sources, but if you see something along the lines
of

   pw_passwd = NULL;

it's what I observed.

> Meanwhile there's a new release of screen (4.2.1) upstream, about one year
> newer than the last commit I packaged for Cygwin, so maybe this problem has
> already been addressed.  I'll get the new release out ASAP so we can test.

For testing, please keep in mind to test with the latest snapshot
showing the problem.  That would be the 2014-05-05 snapshot.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
