Fix a problem whereby a corrupt DNS record can cause named to crash. [11:06]

Add an API for alerting internal libc routines to the presence of
"unsafe" paths post-chroot, and use it in ftpd. [11:07]

Fix a buffer overflow in telnetd. [11:08]

Make pam_ssh ignore unpassphrased keys unless the "nullok" option is
specified. [11:09]

Add sanity checking of service names in pam_start. [11:10]

Approved by:    so (cperciva)
Approved by:    re (bz)
Security:       FreeBSD-SA-11:06.bind
Security:       FreeBSD-SA-11:07.chroot
Security:       FreeBSD-SA-11:08.telnetd
Security:       FreeBSD-SA-11:09.pam_ssh
Security:       FreeBSD-SA-11:10.pam

1 files changed, 2 insertions, 2 deletions

diff --git a/lib/libc/net/nsdispatch.c b/lib/libc/net/nsdispatch.c
index 6b7bd02..f9d787a 100644
--- a/lib/libc/net/nsdispatch.c
+++ b/lib/libc/net/nsdispatch.c
@@ -384,7 +384,7 @@ nss_configure(void)
 	confmod = statbuf.st_mtime;
 
 #ifdef NS_CACHING
-	handle = dlopen(NULL, RTLD_LAZY | RTLD_GLOBAL);
+	handle = libc_dlopen(NULL, RTLD_LAZY | RTLD_GLOBAL);
 	if (handle != NULL) {
 		nss_cache_cycle_prevention_func = dlsym(handle,
 			"_nss_cache_cycle_prevention_function");
@@ -497,7 +497,7 @@ nss_load_module(const char *source, nss_module_register_fn reg_fn)
 		if (snprintf(buf, sizeof(buf), "nss_%s.so.%d", mod.name,
 		    NSS_MODULE_INTERFACE_VERSION) >= (int)sizeof(buf))
 			goto fin;
-		mod.handle = dlopen(buf, RTLD_LOCAL|RTLD_LAZY);
+		mod.handle = libc_dlopen(buf, RTLD_LOCAL|RTLD_LAZY);
 		if (mod.handle == NULL) {
 #ifdef _NSS_DEBUG
 			/* This gets pretty annoying since the built-in