diff options
author | kris <kris@FreeBSD.org> | 2000-10-31 05:29:54 +0000 |
---|---|---|
committer | kris <kris@FreeBSD.org> | 2000-10-31 05:29:54 +0000 |
commit | d710bffe2000f3a05d0bb9fe611d0d14676ef68e (patch) | |
tree | 192ceb398c2d301b71b76e39a72d035ccc4a290d /libexec/telnetd/utility.c | |
parent | 11f32dfee0527c6a1b8bb20381b6357ae4212efd (diff) | |
download | FreeBSD-src-d710bffe2000f3a05d0bb9fe611d0d14676ef68e.zip FreeBSD-src-d710bffe2000f3a05d0bb9fe611d0d14676ef68e.tar.gz |
Filter out some more magic environment variables used by libraries linked
with telnetd. This should really be done with a positive filter - i.e.
only allow through a configured list of variables.
Also do some buffer-safety cleanups while I'm here - I don't think these
are exploitable.
Diffstat (limited to 'libexec/telnetd/utility.c')
-rw-r--r-- | libexec/telnetd/utility.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/libexec/telnetd/utility.c b/libexec/telnetd/utility.c index ee69173..97478a7 100644 --- a/libexec/telnetd/utility.c +++ b/libexec/telnetd/utility.c @@ -330,7 +330,7 @@ fatal(f, msg) { char buf[BUFSIZ]; - (void) sprintf(buf, "telnetd: %s.\r\n", msg); + (void) snprintf(buf, sizeof(buf), "telnetd: %s.\r\n", msg); (void) write(f, buf, (int)strlen(buf)); sleep(1); /*XXX*/ exit(1); @@ -343,7 +343,7 @@ fatalperror(f, msg) { char buf[BUFSIZ], *strerror(); - (void) sprintf(buf, "%s: %s", msg, strerror(errno)); + (void) snprintf(buf, sizeof(buf), "%s: %s", msg, strerror(errno)); fatal(f, buf); } |