Some buffer overrun fixes and removed check for username starting with "-"

(replacied it with a getopt stopper (--) instead, which is more correct).

Obtained from: OpenBSD
This commit is contained in:
Paul Traina 1997-01-07 19:00:52 +00:00
parent 1c594de59d
commit a29e4eaa60
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=21403
3 changed files with 16 additions and 13 deletions

View File

@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
* $Id: sys_term.c,v 1.14 1996/09/22 21:55:42 wosch Exp $
*/
#ifndef lint
@ -1624,6 +1624,7 @@ start_login(host, autologin, name)
if (auth_level >= 0 && autologin == AUTH_VALID) {
# if !defined(NO_LOGIN_F)
argv = addarg(argv, "-f");
argv = addarg(argv, "--");
argv = addarg(argv, name);
# else
# if defined(LOGIN_R)
@ -1696,17 +1697,14 @@ start_login(host, autologin, name)
pty = xpty;
}
# else
argv = addarg(argv, "--");
argv = addarg(argv, name);
# endif
# endif
} else
#endif
if (user = getenv("USER")) {
if (strchr(user, '-')) {
syslog(LOG_ERR, "tried to pass user \"%s\" to login",
user);
fatal(net, "invalid user");
}
if (getenv("USER")) {
argv = addarg(argv, "--");
argv = addarg(argv, getenv("USER"));
#if defined(LOGIN_ARGS) && defined(NO_LOGIN_P)
{

View File

@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
* $Id: telnetd.c,v 1.7 1996/09/22 21:55:46 wosch Exp $
*/
#ifndef lint
@ -668,12 +668,14 @@ getterminaltype(name)
* we have to just go with what we (might) have already gotten.
*/
if (his_state_is_will(TELOPT_TTYPE) && !terminaltypeok(terminaltype)) {
(void) strncpy(first, terminaltype, sizeof(first));
(void) strncpy(first, terminaltype, sizeof(first)-1);
first[sizeof(first)-1] = '\0';
for(;;) {
/*
* Save the unknown name, and request the next name.
*/
(void) strncpy(last, terminaltype, sizeof(last));
(void) strncpy(last, terminaltype, sizeof(last)-1);
last[sizeof(last)-1] = '\0';
_gettermname();
if (terminaltypeok(terminaltype))
break;
@ -691,8 +693,10 @@ getterminaltype(name)
* the start of the list.
*/
_gettermname();
if (strncmp(first, terminaltype, sizeof(first)) != 0)
(void) strncpy(terminaltype, first, sizeof(first));
if (strncmp(first, terminaltype, sizeof(first)) != 0) {
(void) strncpy(terminaltype, first, sizeof(terminaltype)-1);
terminaltype[sizeof(terminaltype)-1] = '\0';
}
break;
}
}

View File

@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
* $Id: utility.c,v 1.5 1996/09/22 21:55:52 wosch Exp $
*/
#ifndef lint
@ -98,6 +98,7 @@ stilloob(s)
do {
FD_ZERO(&excepts);
FD_SET(s, &excepts);
memset((char *)&timeout, 0, sizeof timeout);
value = select(s+1, (fd_set *)0, (fd_set *)0, &excepts, &timeout);
} while ((value == -1) && (errno == EINTR));