X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=kCwwvZ0pvVWb7+Tg/S34DfTZvmQXX702Et0MKkDZHTjIfKuNlmUrT
	1ObzqT3xiZG0JtLFn7XRslqGiUH4Yhq39w4gq3u2JBI2aVCNOgl345SUWwB6L876
	/5UrWs32GI6szV6xPYbQx52qmNpPHeINFsfhUGIp4KGjCih2Spfraw=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=AvRYP35ULlBfugcB+/769lG96sE=; b=skNXjiB6Qi1NqZZAjr8E/tcvvUM/
	q1j+/t+Y7uqz0E08Uh/QKdQowonMoQLGgKM28Dwl/zUWoIpnNMMI1+kw9CGQTHXT
	7YVOH5DM30ODPr1x/xlAPXHcABDE9IcWpu7GUAifwPIjs26Se60BRKdBg56uYabA
	A5mfePlARGNlieg=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-5.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.2
X-HELO: calimero.vinschen.de
Date: Wed, 7 May 2014 17:24:36 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: snapshot 05/05: ssh segmentation fault within screen
Message-ID: <20140507152436.GO30918@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <5368525F DOT 2070301 AT shaddybaddah DOT name> <20140506163936 DOT GY30918 AT calimero DOT vinschen DOT de> <536920BB DOT 3080102 AT redhat DOT com> <avikm99d63ccuk9lt1v6l39uo89c6dksfr AT 4ax DOT com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;	protocol="application/pgp-signature"; boundary="ys8nbMVQRzTucb0g"
Content-Disposition: inline
In-Reply-To: <avikm99d63ccuk9lt1v6l39uo89c6dksfr@4ax.com>
User-Agent: Mutt/1.5.21 (2010-09-15)

--ys8nbMVQRzTucb0g
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On May  7 11:16, Andrew Schulman wrote:
> > On 05/06/2014 10:39 AM, Corinna Vinschen wrote:
> >=20
> > > The problem, which I totally not realized since I started implementing
> > > this stuff is, that by propagating this cache to child processes, said
> > > child processes suffer from what the parent process does to the passwd
> > > structures in the cache.
> > >=20
> > > Screen seems to call getpwuid and then sets some of the pointers in t=
he
> > > passwd structure it got from the call to NULL, apparently for some so=
rt
> > > of security, this way overwriting the cached passwd struct for the
> >=20
> > Bug in screen.  POSIX states:
> >=20
> > http://pubs.opengroup.org/onlinepubs/9699919799/functions/getpwuid.html
> >=20
> > The application shall not modify the structure to which the return value
> > points, nor any storage areas pointed to by pointers within the
> > structure. The returned pointer, and pointers within the structure,
> > might be invalidated or the structure or the storage areas might be
> > overwritten by a subsequent call to getpwent(), getpwnam(), or getpwuid=
().
>=20
> Fixing this would be well out of my depth, but I'll gladly include any
> patches to screen that fix it.

Never looked into the sources, but if you see something along the lines
of

   pw_passwd =3D NULL;

it's what I observed.

> Meanwhile there's a new release of screen (4.2.1) upstream, about one year
> newer than the last commit I packaged for Cygwin, so maybe this problem h=
as
> already been addressed.  I'll get the new release out ASAP so we can test.

For testing, please keep in mind to test with the latest snapshot
showing the problem.  That would be the 2014-05-05 snapshot.


Thanks,
Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--ys8nbMVQRzTucb0g
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJTalA0AAoJEPU2Bp2uRE+gVkEQAJh70+6wiGrmDpySSDzvIrSC
6hsxOTOVvAVARjvEqAq7wM/H4i801CvOIsclCfn4qNhqbMmYF+tNVQM9ngsVYFwL
TFdGRH9WkRIsLN/CQP/TvcZKYBLpVbvYGk+pz5TmBG2nu1jYMTZUZxxxOTHTlNrJ
moHEhQX5KqI08hUXZC9nj26jZJp48v3KBB0o7LGEtQMzEOuzpNLOkaO4CpYUHplq
O7Sbx5738aydqM1fvejWhxy9hM/QVttw+hY1QPAbeUMfrKNU9O01hdqXshPsc1B4
OrkVzAjUst0gxPNe/uP1XLLLX/NbCunHRyHKhy6QRJXLATVehg4a+THS9dG1DIIA
wyJpv3ht6twWojbjmzUYedc2IQJ+YnT/jCz33TCZg3BN41Mqz7pZz2yZQ+Ei1R6f
b0k2Uu8Tszmm5WgsaQqdMDcNgM40u20KL3rvL0CLbR1qWOzFEtSfT6efKxuBMHFJ
R3+hsAe3WEgqCz3VvA1TnWO0t06azbqFNFaQVYi1RN4wJakLllU/suxiTFdvmiOJ
ELKQlLyM9O5zf4/9M4jLjWlzdr1H4cSEsE1kM9gYkNlg9NxG6uHCMYA0KQ9j4jlF
mG86ThQBm6y69dfcMQh56Hi1M/TENyg34YJMYUd6zDwc9y7kwEpbdUW7Sjb7ztY7
skoo7dyqEatrTnZ7EjIU
=Kg2a
-----END PGP SIGNATURE-----

--ys8nbMVQRzTucb0g--