Plug security hole that was already fixed in 1.1. It prevents

user from specifying their hostname when rlogin()-ing in (using rlogin -f-h<host>) Reviewed by: Submitted by:
svn path=/head/; revision=2076
2024-11-17 16:10:46 +01:00 · 1994-08-15 19:44:50 +00:00 · 1994-08-15 19:44:50 +00:00 · 9496903032 · 2020-12-20 02:59:44 +00:00
commit 9496903032
parent d966229d00
1 changed files with 5 additions and 0 deletions
--- a/libexec/rlogind/rlogind.c
+++ b/libexec/rlogind/rlogind.c
@ -293,6 +293,11 @@ doit(f, fromp)
 		if (f > 2)	/* f should always be 0, but... */
 			(void) close(f);
 		setup_term(0);
+		if (strchr(lusername, '-')) {
+			syslog(LOG_ERR, "tried to pass user \"%s\" to login",
+			       lusername);
+			fatal(STDERR_FILENO, "invalid user", 0);
+		}
 		if (authenticated) {
 #ifdef	KERBEROS
 			if (use_kerberos && (pwd->pw_uid == 0))