diff options
| author | peter <peter@FreeBSD.org> | 1995-12-10 15:07:12 +0000 |
|---|---|---|
| committer | peter <peter@FreeBSD.org> | 1995-12-10 15:07:12 +0000 |
| commit | d8249966c8ccdec59d2d62956cf45f88b1aa48d5 (patch) | |
| tree | 765c1165bd7bd0aa1bf5a58585daf3372416a0fc /libexec/fingerd | |
| parent | 17cc71f8269d2cf5b9fd22a6cc01f516a21e86f1 (diff) | |
| download | FreeBSD-src-d8249966c8ccdec59d2d62956cf45f88b1aa48d5.zip FreeBSD-src-d8249966c8ccdec59d2d62956cf45f88b1aa48d5.tar.gz | |
Fix the bug which allowed people to avoid the "-s" (secure) bug.
Now, "finger" is invoked with "--" before the first network supplied
argument, so the "--" and "-l" hacks will be stopped.
Diffstat (limited to 'libexec/fingerd')
| -rw-r--r-- | libexec/fingerd/fingerd.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/libexec/fingerd/fingerd.c b/libexec/fingerd/fingerd.c index 7f88bf4..cbba164 100644 --- a/libexec/fingerd/fingerd.c +++ b/libexec/fingerd/fingerd.c @@ -107,10 +107,11 @@ main(argc, argv) exit(1); comp = &av[1]; - for (lp = line, ap = &av[2];;) { + av[2] = "--"; + for (lp = line, ap = &av[3];;) { *ap = strtok(lp, " \t\r\n"); if (!*ap) { - if (secure && ap == &av[2]) { + if (secure && ap == &av[3]) { puts("must provide username\r\n"); exit(1); } |
