From: ian <ian>
Date: Sun, 10 Oct 1999 11:48:43 +0000 (+0000)
Subject: @@ -1,5 +1,7 @@
X-Git-Tag: debian_version_0_65_2~1
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=userv.git;a=commitdiff_plain;h=daa5a9077bfe6452efe5dac1d2c06f55ea1baac3;hp=949af4df9625f3371e146f7c78f4f1a17a2bf6db

@@ -1,5 +1,7 @@
+  * In client, copy results from getpw* when necessary.  This fixes what
+    could be a security problem on some platforms.
---

diff --git a/client.c b/client.c
index f7bc9a4..3d70f2b 100644
--- a/client.c
+++ b/client.c
@@ -858,7 +858,7 @@ static void determine_users(void) {
   }
   if (!loginname) {
     pw= getpwuid(myuid); if (!pw) miscerror("cannot determine your login name");
-    loginname= pw->pw_name;
+    loginname= xstrsave(pw->pw_name);
   }
 
   if (!strcmp(serviceuser,"-")) serviceuser= loginname;
diff --git a/debian/changelog b/debian/changelog
index e79e222..941bb4d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,7 @@
 userv (0.65.2) unstable; urgency=high
 
+  * In client, copy results from getpw* when necessary.  This fixes what
+    could be a security problem on some platforms.
   * Avoid accessing backup, auto-save files, etc, with include-lookup.
     Everything except a-z 0-9 - _ must now be prefixed by a colon.
   * Allow \ to continue lines (and do sensible things with whitespace in