https://bugzilla.mindrot.org/show_bug.cgi?id=2535
Bug ID: 2535
Summary: Undefined behaviour of *printf in DISPLAY handling code
Product: Portable OpenSSH
Version: -current
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-b...@mindrot.org
Reporter: jje...@redhat.com

Upstream commit [1] changed logic of handling errors of DISPLAY variable and introduced undefined behaviour.

When client requests X11 forwarding and does not have DISPLAY variable set, getenv returns NULL (ssh.c:1707), the program gets into client_x11_get_proto() function, where the variable is passed directly to logit function as it is (clientloop.c:321).

This case is handled by current GCC and therefore not causing segfault but writing

    DISPLAY "(null)" invalid; disabling X11 forwarding

It is not correct and should be fixed. Preferably by not going into this branch in ssh.c:1710, because there is already one check for NULL in previous condition.

Originally reported as rhbz#1303260 [2].

[1] https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1303260
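
The pattern the report asks for, as an added example that is not part of the original report and is not OpenSSH code: the unset case gets its own branch, so a null pointer never reaches a "%s" conversion. The function names, the "not set" message text and the character allow-list are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: NULL or empty is invalid; otherwise every character
 * must be alphanumeric or in an assumed allow-list for display names. */
static int display_valid(const char *display)
{
    if (display == NULL || *display == '\0')
        return 0;
    for (const char *p = display; *p != '\0'; p++)
        if (!isalnum((unsigned char)*p) && strchr(":/.-_", *p) == NULL)
            return 0;
    return 1;
}

enum x11_decision { X11_FORWARD, X11_SKIP_UNSET, X11_SKIP_INVALID };

/* Decide whether to forward X11 and write the log line into msg.
 * The NULL check comes first, so "%s" only ever sees a real string. */
static enum x11_decision x11_check_display(const char *display,
    char *msg, size_t msglen)
{
    if (display == NULL) {
        snprintf(msg, msglen, "DISPLAY not set; disabling X11 forwarding");
        return X11_SKIP_UNSET;
    }
    if (!display_valid(display)) {
        snprintf(msg, msglen,
            "DISPLAY \"%s\" invalid; disabling X11 forwarding", display);
        return X11_SKIP_INVALID;
    }
    snprintf(msg, msglen, "forwarding X11 for DISPLAY \"%s\"", display);
    return X11_FORWARD;
}

int main(void)
{
    /* Constructed samples; NULL stands in for getenv("DISPLAY") when unset. */
    const char *samples[] = { NULL, ":0", "localhost:10.0", "bad;display" };
    char msg[128];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum x11_decision d = x11_check_display(samples[i], msg, sizeof msg);
        printf("%d: %s\n", (int)d, msg);
    }
    return 0;
}
```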