diff options
author | peter <peter@FreeBSD.org> | 1995-07-16 17:03:58 +0000 |
---|---|---|
committer | peter <peter@FreeBSD.org> | 1995-07-16 17:03:58 +0000 |
commit | 28fb9a318face899c781210923641a0c958e2d18 (patch) | |
tree | 332744fc21e3970506243a6693ca1ddcd319f226 /lib/libc | |
parent | ad4fa79aa73783ca18513f28ebd44b33980c95b8 (diff) | |
download | FreeBSD-src-28fb9a318face899c781210923641a0c958e2d18.zip FreeBSD-src-28fb9a318face899c781210923641a0c958e2d18.tar.gz |
Slight adjustment to previous fix for __ivaliduser(). It was checking for
the comment before checking for long lines, so there was a possibility
that the wrap-around might be used as an exploitable hostname.
Reviewed by:
Submitted by:
Obtained from:
Diffstat (limited to 'lib/libc')
-rw-r--r-- | lib/libc/net/rcmd.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/libc/net/rcmd.c b/lib/libc/net/rcmd.c index a05ec73..34ac18b 100644 --- a/lib/libc/net/rcmd.c +++ b/lib/libc/net/rcmd.c @@ -366,14 +366,16 @@ __ivaliduser(hostf, raddr, luser, ruser) return (-1); while (fgets(buf, sizeof(buf), hostf)) { - if(buf[0] == '#') - continue; p = buf; /* Skip lines that are too long. */ if (strchr(p, '\n') == NULL) { while ((ch = getc(hostf)) != '\n' && ch != EOF); continue; } + if (*p == '\n' || *p == '#') { + /* comment... */ + continue; + } while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') { *p = isupper(*p) ? tolower(*p) : *p; p++; |