Two distinct issues surface when running sshd on WinPE (a restricted
Windows environment with no user-profile service and no desktop /
window-station for non-interactive users). Both crash the daemon before
the user can log in.
- load_user_profile format-string mismatch.
The debug3 call on LoadUserProfileW failure declares
"%s %S %d" (three specifiers) but passes only two arguments. %S
consumes GetLastError()'s DWORD as a wide-string pointer, then
wcsnlen dereferences it and crashes sshd-session post-auth. Only
visible where LoadUserProfileW actually fails (e.g. WinPE, which
has no user-profile service), so stock Windows was unaffected.
- sshd-auth crashes on restricted window stations.
sshd-auth is a privsep helper spawned as a different user and runs
without desktop / window-station access. user32.dll's DllMain
binds to the process window station and fails with
STATUS_DLL_INIT_FAILED in restricted environments, so the helper
dies before auth begins. The only transitive user32 references in
sshd-auth come from console.c's ConRestoreViewRect_NoPtyHack
(ShowWindow / GetWindowPlacement), which sshd-auth does not execute.
Delay-loading user32 is sufficient: the DLL is never loaded in
practice.
Depends on #2434 (shared build changes).
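
A defensive check for the first issue, as an added example that is not part of this change or of the project's code: it counts the variadic arguments a printf-style format string consumes, so the count can be compared with what a call site actually passes. The name count_format_args and the argument count in main are assumptions for illustration; only the standard flags, width, precision and the length modifiers h, l, j, z, t, L are parsed.

```c
#include <stdio.h>
#include <string.h>

/* Added example (hypothetical helper, not project code).
 * Returns the number of variadic arguments a printf-style format
 * consumes, or -1 if the string ends in the middle of a conversion. */
int count_format_args(const char *fmt)
{
    int n = 0;

    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')                      /* "%%" prints a literal '%' */
            continue;
        while (*p != '\0' && strchr("-+ #0", *p) != NULL)   /* flags */
            p++;
        if (*p == '*') {                    /* width read from an int argument */
            n++;
            p++;
        } else {
            while (*p >= '0' && *p <= '9')
                p++;
        }
        if (*p == '.') {
            p++;
            if (*p == '*') {                /* precision read from an int argument */
                n++;
                p++;
            } else {
                while (*p >= '0' && *p <= '9')
                    p++;
            }
        }
        while (*p != '\0' && strchr("hljztL", *p) != NULL)  /* length modifiers */
            p++;
        if (*p == '\0')
            return -1;                      /* truncated conversion */
        n++;                                /* the conversion itself: s, S, d, ... */
    }
    return n;
}

int main(void)
{
    const char *fmt = "%s %S %d";           /* format string quoted in the description */
    int supplied = 2;                       /* arguments the description says were passed */
    int wanted = count_format_args(fmt);

    printf("format wants %d, call passes %d: %s\n", wanted, supplied,
           wanted == supplied ? "ok" : "MISMATCH");
    return wanted == supplied ? 0 : 1;
}
```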