authormarkm <markm@FreeBSD.org>1997-02-09 15:02:00 +0000
committermarkm <markm@FreeBSD.org>1997-02-09 15:02:00 +0000
commitf8e325b1925ba81eb389159fbaa1cf6e92c3abf6 (patch)
treed270f2199b07758d500af093ee007cc14aa01c3e /eBones/libexec
parent6b544b7e1ac3bfe086f0ac248e2849e539363379 (diff)
Various buffer overrun fixes and other security enhancements.
Obtained from: PST's fixes to the non-secure telnet{d}
Diffstat (limited to 'eBones/libexec')
-rw-r--r--eBones/libexec/telnetd/sys_term.c10
-rw-r--r--eBones/libexec/telnetd/telnetd.c12
-rw-r--r--eBones/libexec/telnetd/utility.c1
3 files changed, 13 insertions, 10 deletions
diff --git a/eBones/libexec/telnetd/sys_term.c b/eBones/libexec/telnetd/sys_term.c
index 5ebd2ad..f9b1617 100644
--- a/eBones/libexec/telnetd/sys_term.c
+++ b/eBones/libexec/telnetd/sys_term.c
@@ -1667,6 +1667,7 @@ start_login(host, autologin, name)
if (auth_level >= 0 && autologin == AUTH_VALID) {
# if !defined(NO_LOGIN_F)
argv = addarg(argv, "-f");
+ argv = addarg(argv, "--");
argv = addarg(argv, name);
# else
# if defined(LOGIN_R)
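Review bot: The `--` added before `name` only helps if the login program that start_login executes stops option parsing at `--`, and nothing at this site records that assumption. On a build whose login does not use getopt-style parsing, `--` could itself be read as the user name. I would add a comment at the first insertion, e.g. `/* "--" ends option parsing so a name beginning with '-' is taken as an operand; requires a getopt-based login */`. The same applies to the two `addarg(argv, "--")` lines in the next hunk. start_login's body and the LOGIN_R branch continue outside this hunk, so whether that path needs the same separator cannot be confirmed from here.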
@@ -1739,17 +1740,14 @@ start_login(host, autologin, name)
pty = xpty;
}
# else
+ argv = addarg(argv, "--");
argv = addarg(argv, name);
# endif
# endif
} else
#endif
- if ((user = getenv("USER"))) {
- if (strchr(user, '-')) {
- syslog(LOG_ERR, "tried to pass user \"%s\" to login",
- user);
- fatal(net, "invalid user");
- }
+ if (getenv("USER")) {
+ argv = addarg(argv, "--");
argv = addarg(argv, getenv("USER"));
#if defined(LOGIN_ARGS) && defined(NO_LOGIN_P)
{
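Review bot: Removing the `strchr(user, '-')` test also removes the only syslog record of a suspicious USER value, so argument-injection attempts via USER no longer leave a trace in the daemon's log. The old test was too broad because it rejected any hyphenated name, but a narrower log-only check keeps the detection signal without refusing legitimate users: `if ((user = getenv("USER")) && user[0] == '-') syslog(LOG_NOTICE, "user name \"%s\" begins with '-'", user);`. Keeping the result in `user` would also avoid the second `getenv("USER")` call on the `addarg` line. The declaration of `user` is outside the hunk, so check that it is not left as an unused variable after this change.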
diff --git a/eBones/libexec/telnetd/telnetd.c b/eBones/libexec/telnetd/telnetd.c
index 5785279..5191653 100644
--- a/eBones/libexec/telnetd/telnetd.c
+++ b/eBones/libexec/telnetd/telnetd.c
@@ -713,12 +713,14 @@ getterminaltype(name)
* we have to just go with what we (might) have already gotten.
*/
if (his_state_is_will(TELOPT_TTYPE) && !terminaltypeok(terminaltype)) {
- (void) strncpy(first, terminaltype, sizeof(first));
+ (void) strncpy(first, terminaltype, sizeof(first)-1);
+ first[sizeof(first)-1] = '\0';
for(;;) {
/*
* Save the unknown name, and request the next name.
*/
- (void) strncpy(last, terminaltype, sizeof(last));
+ (void) strncpy(last, terminaltype, sizeof(last)-1);
+ last[sizeof(last)-1] = '\0';
_gettermname();
if (terminaltypeok(terminaltype))
break;
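Review bot: The copies into `first` and `last` now truncate silently, and nothing explains why the bound became `sizeof - 1` with a separate store of the terminator. A short comment above the first copy would keep a later cleanup from merging the two lines back into an unterminated `strncpy`, e.g. `/* terminaltype is client-supplied; strncpy() leaves no NUL when the source fills the buffer */`. The loop's exit comparison against `last` lies outside this hunk, so whether a truncated `last` still compares as intended cannot be confirmed from here.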
@@ -736,8 +738,10 @@ getterminaltype(name)
* the start of the list.
*/
_gettermname();
- if (strncmp(first, terminaltype, sizeof(first)) != 0)
- (void) strncpy(terminaltype, first, sizeof(first));
+ if (strncmp(first, terminaltype, sizeof(first)) != 0) {
+ (void) strncpy(terminaltype, first, sizeof(terminaltype)-1);
+ terminaltype[sizeof(terminaltype)-1] = '\0';
+ }
break;
}
}
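Review bot: `sizeof(terminaltype)` in the new `strncpy` bound is the buffer size only if `terminaltype` is declared as an array, and its declaration is not visible in this hunk. If it is a `char *`, the bound becomes the pointer size minus one, so the restored name would be cut to a few bytes and the terminator written at that small offset, leaving a wrong TERM value rather than an overrun. Please verify the declaration. If it is a pointer, bound the copy by the capacity of the buffer it points to, for example `strncpy(terminaltype, first, TERMTYPE_BUFSZ - 1);`, where `TERMTYPE_BUFSZ` is a placeholder for whatever constant sizes that buffer. The unchanged `strncmp(first, terminaltype, sizeof(first))` is fine because `first` is an array copied with `sizeof(first)` above.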
diff --git a/eBones/libexec/telnetd/utility.c b/eBones/libexec/telnetd/utility.c
index c8e34b8..b432fb2 100644
--- a/eBones/libexec/telnetd/utility.c
+++ b/eBones/libexec/telnetd/utility.c
@@ -103,6 +103,7 @@ stilloob(s)
do {
FD_ZERO(&excepts);
FD_SET(s, &excepts);
+ memset((char *)&timeout, 0, sizeof timeout);
value = select(s+1, (fd_set *)0, (fd_set *)0, &excepts, &timeout);
} while ((value == -1) && (errno == EINTR));
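Review bot: The new `memset` of `timeout` sits inside the retry loop with no comment saying why it must run on every pass. Presumably the intent is that `select()` is a pure poll (zero timeout) and that the value is reset after an EINTR retry, since some systems modify the timeout argument. A comment would make that explicit, e.g. `/* zero timeout: poll only; reset each pass because select() may modify it */`. The `(char *)` cast is unnecessary for `memset`, so `memset(&timeout, 0, sizeof timeout);` reads more cleanly. The declaration of `timeout` and the rest of stilloob are outside the hunk.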