Package: login
Version: 1:4.1.5.1-1
Severity: important

setup_env in ./libmisc/setupenv.c sets info->pw_dir to a pointer to a static buffer: temp_pw_dir as defined in that very function. This happens when pw_dir as found in the passwd entry is not accessible to the application (in my case `su').

Now this pointer points into static memory, not the heap. main calls pw_free before it finishes (src/su.c:1214). pw_free calls free upon that very pw_dir set above. Because that pointer is not pointing into heap space, glibc complains and kills the program.

    # su - pkern
    No directory, logging in with HOME=/
    Cannot execute /bin/zsh: No such file or directory
    *** glibc detected *** su: free(): invalid pointer: 0x000000008000d488

    ==11211== Invalid free() / delete / delete[] / realloc()
    ==11211==    at 0x40325D2: free (in /usr/lib/valgrind/vgpreload_memcheck-s390x-linux.so)
    ==11211==    by 0x800096D9: pw_free (pwmem.c:100)
    ==11211==    by 0x80006311: main (su.c:1214)
    ==11211==  Address 0x8000d488 is 0 bytes inside data symbol "temp_pw_dir.5460"

I think it should do a strdup in setup_env instead of just assigning that string to the entry.

Kind regards
Philipp Kern
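The ownership rule behind the suggested strdup, as an added example that is not part of the original report and is not the shadow source: the entry only ever holds heap memory, so the later free is valid. The names struct entry, fallback_dir, set_home_fallback and entry_free are hypothetical, and using access() as the accessibility check is an assumption.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical stand-in for the passwd entry, not shadow's own type. */
struct entry {
    char *pw_dir;               /* owned by the entry, released with free() */
};

/* The fallback string lives in static storage, as in the report. */
static const char *fallback_dir(void)
{
    static const char temp_pw_dir[] = "/";
    return temp_pw_dir;
}

/* Returns 1 if the fallback was applied, 0 if the home was usable,
 * -1 on allocation failure (entry left unchanged). */
static int set_home_fallback(struct entry *e)
{
    char *copy;
    if (e->pw_dir != NULL && access(e->pw_dir, X_OK) == 0)
        return 0;
    copy = strdup(fallback_dir());  /* heap copy, so free() stays valid */
    if (copy == NULL)
        return -1;
    free(e->pw_dir);                /* drop the old heap string */
    e->pw_dir = copy;
    return 1;
}

/* Plays the role pw_free has in the report: frees what the entry owns. */
static void entry_free(struct entry *e)
{
    free(e->pw_dir);
    e->pw_dir = NULL;
}

int main(void)
{
    /* Constructed sample path, assumed not to exist on the test machine. */
    struct entry e = { strdup("/nonexistent-home-constructed-example") };
    int applied = set_home_fallback(&e);
    printf("fallback applied: %d, HOME=%s\n", applied, e.pw_dir ? e.pw_dir : "(unset)");
    entry_free(&e);                 /* safe: pw_dir points into the heap */
    return 0;
}
```

Assigning fallback_dir() directly to pw_dir instead of the copy reproduces the invalid free in the report when entry_free runs.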