hardenedbsd/HardenedBSD
1
0
Fork 0
mirror of https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git synced 2024-11-17 16:10:46 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Plug already known security hole. (Brought over from 1.1.5):

Browse Source 
Fixed security problem with telnetd, which allowed
        telnet -l -hcert.org localhost
to change the user's host in utmp.
Thanks to Matthew Green <mrgreen@@mame.mu.oz.au> for showing me this one.


Reviewed by:	karl, guido
Submitted by:	mrgreen@@mame.mu.oz.au
This commit is contained in:
Guido van Rooij 1994-08-15 20:06:13 +00:00
parent 9496903032
commit e27eb9e8ec
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=2077
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
libexec/telnetd/sys_term.c
View File

@ -1497,7 +1497,7 @@ start_login(host, autologin, name)
{
register char *cp;
register char **argv;
char **addarg();
char **addarg(), *user;
extern char *getenv();
#ifdef UTMPX
register int pid = getpid();
@ -1667,7 +1667,12 @@ start_login(host, autologin, name)
# endif
} else
#endif
if (getenv("USER")) {
if (user = getenv("USER")) {
if (strchr(user, '-')) {
syslog(LOG_ERR, "tried to pass user \"%s\" to login",
user);
fatal(net, "invalid user");
}
argv = addarg(argv, getenv("USER"));
#if defined(LOGIN_ARGS) && defined(NO_LOGIN_P)
{