Fix the bug which allowed people to avoid the "-s" (secure) bug.

Now, "finger" is invoked with "--" before the first network supplied argument, so the "--" and "-l" hacks will be stopped.
svn path=/head/; revision=12728
2024-11-16 15:44:04 +01:00 · 1995-12-10 15:07:12 +00:00 · 1995-12-10 15:07:12 +00:00 · 279884182f · 2020-12-20 02:59:44 +00:00
commit 279884182f
parent bb51c61fdf
1 changed files with 3 additions and 2 deletions
--- a/libexec/fingerd/fingerd.c
+++ b/libexec/fingerd/fingerd.c
@ -107,10 +107,11 @@ main(argc, argv)
 		exit(1);

 	comp = &av[1];
-	for (lp = line, ap = &av[2];;) {
+	av[2] = "--";
+	for (lp = line, ap = &av[3];;) {
 		*ap = strtok(lp, " \t\r\n");
 		if (!*ap) {
-			if (secure && ap == &av[2]) {
+			if (secure && ap == &av[3]) {
 				puts("must provide username\r\n");
 				exit(1);
 			}