On Tue, 5 Dec 2017 19:17:42 +0100 Aurelien Jarno <aurel...@aurel32.net> wrote:
> It's not something I can reproduce here, but getpwnam_r can behave very
> differently depending on the nss configuration of your system. A small
> reproducer and the content of /etc/nsswitch.conf would definitely help.
>
> That said libc6 version 2.25-3 included security fixes and memory leak
> fixes for the glob function. Can you confirm the version you used, and
> if it's really 2.25-3 try with version 2.25-2 which is still in testing.

Here we have a reproducer (assuming there is no user 'O' on the system).

#include <sys/types.h>
#include <pwd.h>

int main(void)
{
    struct passwd *p;
    char tmp[1024];
    struct passwd pw;

    getpwnam_r("O", &pw, tmp, sizeof(tmp), &p);
    return 0;
}

Build/compile/reproduce:

gcc -g x.c -o x
valgrind --leak-check=full ./x

Here is a reproducer using glob():

#include <stdio.h>
#include <glob.h>

int main(void)
{
    glob_t pglob;

    if (glob("~O", GLOB_TILDE, NULL, &pglob) == 0) {
        globfree(&pglob);
    }
    return 0;
}

Build/compile/reproduce:

gcc -g x.c -o x
valgrind --leak-check=full ./x

Regards,
Tim
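
The quoted request asks for the content of /etc/nsswitch.conf because the passwd line decides which NSS services getpwnam_r consults. The following is an added example, not part of the original message: a hypothetical helper, nss_sources, that extracts that service list for a bug report. The sample configuration is constructed, not taken from the reporter's system.

```shell
#!/bin/sh
# nss_sources DB: read nsswitch.conf-format text on stdin and print the
# service names configured for database DB (default: passwd) on one line.
# Comments and bracketed action items such as [NOTFOUND=return] are dropped,
# so the output is just the lookup order of the services.
nss_sources() {
    db="${1:-passwd}"
    awk -v db="$db" '
    {
        sub(/#.*/, "")                    # strip trailing comments
        gsub(/\[[^]]*\]/, " ")            # strip [STATUS=action ...] groups
        n = index($0, ":")
        if (n == 0) next                  # not a "database: services" line
        name = substr($0, 1, n - 1)
        gsub(/[ \t]/, "", name)
        if (name != db) next
        m = split(substr($0, n + 1), f, /[ \t]+/)
        out = ""
        for (i = 1; i <= m; i++)
            if (f[i] != "") out = out (out == "" ? "" : " ") f[i]
        print out
        exit                              # first matching line only
    }'
}

# Constructed sample configuration (not from the report).
SAMPLE='# /etc/nsswitch.conf (constructed sample)
passwd:         files systemd [NOTFOUND=return] sss   # user lookups
group:          files
hosts:          files dns
'

echo "sample passwd sources: $(printf '%s' "$SAMPLE" | nss_sources passwd)"

# On a real system, report the live configuration and the libc version.
if [ -r /etc/nsswitch.conf ]; then
    echo "system passwd sources: $(nss_sources passwd < /etc/nsswitch.conf)"
fi
if command -v getconf >/dev/null 2>&1; then
    getconf GNU_LIBC_VERSION 2>/dev/null || true
fi
```

Running the reproducers under valgrind once per listed service, with the passwd line temporarily reduced to that service, helps narrow down which NSS module the leaked allocation belongs to.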