From d8249966c8ccdec59d2d62956cf45f88b1aa48d5 Mon Sep 17 00:00:00 2001
From: peter <peter@FreeBSD.org>
Date: Sun, 10 Dec 1995 15:07:12 +0000
Subject: Fix the bug which allowed people to avoid the "-s" (secure) bug. Now,
 "finger" is invoked with "--" before the first network supplied argument, so
 the "--" and "-l" hacks will be stopped.

---
 libexec/fingerd/fingerd.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/libexec/fingerd/fingerd.c b/libexec/fingerd/fingerd.c
index 7f88bf4..cbba164 100644
--- a/libexec/fingerd/fingerd.c
+++ b/libexec/fingerd/fingerd.c
@@ -107,10 +107,11 @@ main(argc, argv)
 		exit(1);
 
 	comp = &av[1];
-	for (lp = line, ap = &av[2];;) {
+	av[2] = "--";
+	for (lp = line, ap = &av[3];;) {
 		*ap = strtok(lp, " \t\r\n");
 		if (!*ap) {
-			if (secure && ap == &av[2]) {
+			if (secure && ap == &av[3]) {
 				puts("must provide username\r\n");
 				exit(1);
 			}
-- 
cgit v1.1