snapshot 05/05: ssh segmentation fault within screen

Andrew Schulman schulman.andrew@epa.gov
Wed May 7 15:17:00 GMT 2014


> On 05/06/2014 10:39 AM, Corinna Vinschen wrote:
>
> > The problem, which I totally not realized since I started implementing
> > this stuff is, that by propagating this cache to child processes, said
> > child processes suffer from what the parent process does to the passwd
> > structures in the cache.
> >
> > Screen seems to call getpwuid and then sets some of the pointers in the
> > passwd structure it got from the call to NULL, apparently for some sort
> > of security, this way overwriting the cached passwd struct for the
>
> Bug in screen. POSIX states:
>
> http://pubs.opengroup.org/onlinepubs/9699919799/functions/getpwuid.html
>
> The application shall not modify the structure to which the return value
> points, nor any storage areas pointed to by pointers within the
> structure. The returned pointer, and pointers within the structure,
> might be invalidated or the structure or the storage areas might be
> overwritten by a subsequent call to getpwent(), getpwnam(), or getpwuid().

Fixing this would be well out of my depth, but I'll gladly include any
patches to screen that fix it.

Meanwhile there's a new release of screen (4.2.1) upstream, about one year
newer than the last commit I packaged for Cygwin, so maybe this problem has
already been addressed. I'll get the new release out ASAP so we can test.

Andrew
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple