From daa5a9077bfe6452efe5dac1d2c06f55ea1baac3 Mon Sep 17 00:00:00 2001
From: ian
Date: Sun, 10 Oct 1999 11:48:43 +0000
Subject: [PATCH 1/1] @@ -1,5 +1,7 @@ + * In client, copy results from getpw* when necessary. This fixes what + could be a security problem on some platforms.
---
 client.c | 2 +-
 debian/changelog | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/client.c b/client.c
index f7bc9a4..3d70f2b 100644
--- a/client.c
+++ b/client.c
@@ -858,7 +858,7 @@ static void determine_users(void) {
 } if (!loginname) { pw= getpwuid(myuid); if (!pw) miscerror("cannot determine your login name");
- loginname= pw->pw_name;
+ loginname= xstrsave(pw->pw_name);
 } if (!strcmp(serviceuser,"-")) serviceuser= loginname;
diff --git a/debian/changelog b/debian/changelog
index e79e222..941bb4d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,7 @@
 userv (0.65.2) unstable; urgency=high
+ * In client, copy results from getpw* when necessary. This fixes what
+ could be a security problem on some platforms.
 * Avoid accessing backup, auto-save files, etc, with include-lookup. Everything except a-z 0-9 - _ must now be prefixed by a colon. * Allow \ to continue lines (and do sensible things with whitespace in
--
2.30.2
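Review bot: The new `loginname= xstrsave(pw->pw_name);` line in `determine_users` carries no comment saying why the copy is needed, so a later cleanup could revert it to the bare pointer. `getpwuid` returns a pointer into static storage that a subsequent `getpw*` call may overwrite, and `loginname` is still read after this block (`serviceuser= loginname`), so I would add `/* getpwuid's result lives in static storage; copy it before any further getpw* call */` above the assignment. The function starts and ends outside the hunk, so it is worth confirming that no other `pw->` field is held by pointer across a second lookup; the commit text says "when necessary" but only this one site is visible here. `xstrsave` is presumably the project's abort-on-failure string copy; if it can return NULL, the `strcmp` and later uses of `loginname` need a check.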