diff options
author | brian <brian@FreeBSD.org> | 2000-10-02 22:27:34 +0000 |
---|---|---|
committer | brian <brian@FreeBSD.org> | 2000-10-02 22:27:34 +0000 |
commit | 387093d29e278e3eacdcbaf68dcf8f091979e859 (patch) | |
tree | 6cf8b451013b804373910cf089bd5a05b4709ea9 /usr.bin/finger | |
parent | 30148a4f5c4597ab74264eb52d11b5f44f10f33b (diff) | |
download | FreeBSD-src-387093d29e278e3eacdcbaf68dcf8f091979e859.zip FreeBSD-src-387093d29e278e3eacdcbaf68dcf8f091979e859.tar.gz |
Don't allow finger /somefile, only allow filname expansions from
inside /etc/finger.conf
PR: 21704
Diffstat (limited to 'usr.bin/finger')
-rw-r--r-- | usr.bin/finger/finger.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/usr.bin/finger/finger.c b/usr.bin/finger/finger.c index 006c67d..3ad3a3f 100644 --- a/usr.bin/finger/finger.c +++ b/usr.bin/finger/finger.c @@ -293,6 +293,16 @@ userlist(argc, argv) goto net; /* + * Mark any arguments beginning with '/' as invalid so that we + * don't accidently confuse them with expansions from finger.conf + */ + for (p = argv, ip = used; *p; ++p, ++ip) + if (**p == '/') { + *ip = 1; + warnx("%s: no such user", *p); + } + + /* * Traverse the finger alias configuration file of the form * alias:(user|alias), ignoring comment lines beginning '#'. */ |