From a29e4eaa60248a87a6bd62751f738f9d2fd2051c Mon Sep 17 00:00:00 2001
From: Paul Traina <pst@FreeBSD.org>
Date: Tue, 7 Jan 1997 19:00:52 +0000
Subject: [PATCH] Some buffer overrun fixes and removed check for username
 starting with "-" (replaced it with a getopt stopper (--) instead, which is
 more correct).

Obtained from: OpenBSD
---
 libexec/telnetd/sys_term.c | 12 +++++-------
 libexec/telnetd/telnetd.c  | 14 +++++++++-----
 libexec/telnetd/utility.c  |  3 ++-
 3 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/libexec/telnetd/sys_term.c b/libexec/telnetd/sys_term.c
index 72a1ff399f3f..8bbe3fe315cb 100644
--- a/libexec/telnetd/sys_term.c
+++ b/libexec/telnetd/sys_term.c
@@ -30,7 +30,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	$Id$
+ *	$Id: sys_term.c,v 1.14 1996/09/22 21:55:42 wosch Exp $
  */
 
 #ifndef lint
@@ -1624,6 +1624,7 @@ start_login(host, autologin, name)
 	if (auth_level >= 0 && autologin == AUTH_VALID) {
 # if	!defined(NO_LOGIN_F)
 		argv = addarg(argv, "-f");
+		argv = addarg(argv, "--");
 		argv = addarg(argv, name);
 # else
 #  if defined(LOGIN_R)
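Review bot: The new `"--"` argument before `name` is a security boundary but carries no comment saying so, which makes it easy to drop in a later cleanup. It keeps a client-supplied name that starts with `-` from being read as an option, which only holds if the login program on the target system stops option parsing at `--`. I would add `/* "--" ends option parsing so a name beginning with '-' is never taken as a login flag */` above the call here. The same comment belongs at the two `addarg(argv, "--")` sites in the next hunk (the `#  else` branch and the `getenv("USER")` branch). start_login's body starts and ends outside this hunk.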
@@ -1696,17 +1697,14 @@ start_login(host, autologin, name)
 			pty = xpty;
 		}
 #  else
+		argv = addarg(argv, "--");
 		argv = addarg(argv, name);
 #  endif
 # endif
 	} else
 #endif
-	if (user = getenv("USER")) {
-	if (strchr(user, '-')) {
-			syslog(LOG_ERR, "tried to pass user \"%s\" to login",
-			       user);
-			fatal(net, "invalid user");
-		}
+	if (getenv("USER")) {
+		argv = addarg(argv, "--");
 		argv = addarg(argv, getenv("USER"));
 #if	defined(LOGIN_ARGS) && defined(NO_LOGIN_P)
 		{
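Review bot: Removing the `strchr(user, '-')` block also removes the only syslog record of a client sending a USER value that looks like an option. `--` makes such a value harmless to a getopt-based login, but operators lose the signal that someone tried it. The new code also calls `getenv("USER")` twice where the old code kept the result in `user`. I would keep the assignment, `if ((user = getenv("USER")) != NULL) {`, log without rejecting, `if (user[0] == '-') syslog(LOG_WARNING, "user \"%s\" begins with '-'", user);`, and pass `user` to `addarg`. This assumes `user` is still declared; its declaration is outside the hunk, as are the start and end of start_login.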
diff --git a/libexec/telnetd/telnetd.c b/libexec/telnetd/telnetd.c
index afbced32c40a..1c57eb0ba84e 100644
--- a/libexec/telnetd/telnetd.c
+++ b/libexec/telnetd/telnetd.c
@@ -30,7 +30,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	$Id$
+ *	$Id: telnetd.c,v 1.7 1996/09/22 21:55:46 wosch Exp $
  */
 
 #ifndef lint
@@ -668,12 +668,14 @@ getterminaltype(name)
 	 * we have to just go with what we (might) have already gotten.
 	 */
 	if (his_state_is_will(TELOPT_TTYPE) && !terminaltypeok(terminaltype)) {
-	    (void) strncpy(first, terminaltype, sizeof(first));
+	    (void) strncpy(first, terminaltype, sizeof(first)-1);
+	    first[sizeof(first)-1] = '\0';
 	    for(;;) {
 		/*
 		 * Save the unknown name, and request the next name.
 		 */
-		(void) strncpy(last, terminaltype, sizeof(last));
+		(void) strncpy(last, terminaltype, sizeof(last)-1);
+		last[sizeof(last)-1] = '\0';
 		_gettermname();
 		if (terminaltypeok(terminaltype))
 		    break;
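Review bot: Both copies into `first` and `last` now truncate silently, and the later comparisons still use the full buffer size (`strncmp(first, terminaltype, sizeof(first))` in the next hunk). If `terminaltype` can hold a name of `sizeof(first)` bytes or more, the truncated and terminated copy will never compare equal to it, so the "same as the first name" test quietly stops matching. The buffer declarations are outside the hunk, so this may be unreachable in practice. If so, a comment recording it would help, for example `/* terminaltype is shorter than first/last, so these copies never truncate */`. The copy-then-terminate pair also appears three times across this hunk and the next, so a small static helper would keep the bound and the terminator together.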
@@ -691,8 +693,10 @@ getterminaltype(name)
 		     * the start of the list.
 		     */
 		     _gettermname();
-		    if (strncmp(first, terminaltype, sizeof(first)) != 0)
-			(void) strncpy(terminaltype, first, sizeof(first));
+		    if (strncmp(first, terminaltype, sizeof(first)) != 0) {
+			(void) strncpy(terminaltype, first, sizeof(terminaltype)-1);
+			terminaltype[sizeof(terminaltype)-1] = '\0';
+		    }
 		    break;
 		}
 	    }
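Review bot: The copy back into `terminaltype` is the one place where the old bound was the source's size, `sizeof(first)`, rather than the destination's, and nothing in the new code records why the bound changed. A one-line comment above the `strncpy` would stop a later edit from "simplifying" it back, for example `/* bound by the destination: first may be larger than terminaltype */`. The relative sizes of the two buffers are declared outside this hunk, so the wording should be checked against those declarations.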
diff --git a/libexec/telnetd/utility.c b/libexec/telnetd/utility.c
index 3620813bd6c6..6786bba222f3 100644
--- a/libexec/telnetd/utility.c
+++ b/libexec/telnetd/utility.c
@@ -30,7 +30,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	$Id$
+ *	$Id: utility.c,v 1.5 1996/09/22 21:55:52 wosch Exp $
  */
 
 #ifndef lint
@@ -98,6 +98,7 @@ stilloob(s)
     do {
 	FD_ZERO(&excepts);
 	FD_SET(s, &excepts);
+	memset((char *)&timeout, 0, sizeof timeout);
 	value = select(s+1, (fd_set *)0, (fd_set *)0, &excepts, &timeout);
     } while ((value == -1) && (errno == EINTR));
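Review bot: The added `memset` sits inside the retry loop with no comment explaining the placement, and the placement is the point of the change. select() may modify the timeout it is given, so zeroing it on every pass keeps each retry after EINTR a non-blocking poll. I would say that above the line, `/* select() may modify timeout; reset it so every pass is a zero-wait poll */`. The `(char *)` cast is unnecessary since memset takes `void *`; `memset(&timeout, 0, sizeof timeout);` is enough. The declaration of `timeout` and the rest of stilloob are outside the hunk.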