Diffstat (limited to 'libexec')
-rw-r--r--libexec/telnetd/sys_term.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/libexec/telnetd/sys_term.c b/libexec/telnetd/sys_term.c
index 1e50216..abb732b 100644
--- a/libexec/telnetd/sys_term.c
+++ b/libexec/telnetd/sys_term.c
@@ -1497,7 +1497,7 @@ start_login(host, autologin, name)
{
register char *cp;
register char **argv;
- char **addarg();
+ char **addarg(), *user;
extern char *getenv();
#ifdef UTMPX
register int pid = getpid();
@@ -1667,7 +1667,12 @@ start_login(host, autologin, name)
# endif
} else
#endif
- if (getenv("USER")) {
+ if (user = getenv("USER")) {
+ if (strchr(user, '-')) {
+ syslog(LOG_ERR, "tried to pass user \"%s\" to login",
+ user);
+ fatal(net, "invalid user");
+ }
argv = addarg(argv, getenv("USER"));
#if defined(LOGIN_ARGS) && defined(NO_LOGIN_P)
{
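Review bot: The value checked by the new `strchr(user, '-')` guard is not the value passed on: `argv = addarg(argv, getenv("USER"));` looks USER up a second time, so it should read `argv = addarg(argv, user);` to make the validated pointer the one that reaches login. The guard also rejects a '-' anywhere in the name, which is stricter than the leading '-' case that login could parse as an option, and it will refuse hyphenated account names; if that is intended, a comment such as `/* reject any '-' so USER can never be parsed by login as an option */` would record it. The assignment inside the condition would read more safely as `if ((user = getenv("USER")) != NULL) {`. start_login continues outside the hunk, so whether other strings added to argv (for example `name` on the autologin path) get the same check cannot be seen here.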