diff options
Diffstat (limited to 'security/mit-krb5/patches/patch-ai')
| -rw-r--r-- | security/mit-krb5/patches/patch-ai | 44 |
1 files changed, 0 insertions, 44 deletions
diff --git a/security/mit-krb5/patches/patch-ai b/security/mit-krb5/patches/patch-ai deleted file mode 100644 index 005054695c0..00000000000 --- a/security/mit-krb5/patches/patch-ai +++ /dev/null @@ -1,44 +0,0 @@ -$NetBSD: patch-ai,v 1.4 2008/06/07 20:22:18 tonnerre Exp $ - ---- appl/telnet/telnetd/sys_term.c.orig 2008-06-07 15:55:51.000000000 +0200 -+++ appl/telnet/telnetd/sys_term.c -@@ -1287,6 +1287,16 @@ start_login(host, autologin, name) - #endif - #if defined (AUTHENTICATION) - if (auth_level >= 0 && autologin == AUTH_VALID) { -+ if (name[0] == '-') { -+ /* Authenticated and authorized to log in to an -+ account starting with '-'? Even if that -+ unlikely case comes to pass, the current login -+ program will not parse the resulting command -+ line properly. */ -+ syslog(LOG_ERR, "user name cannot start with '-'"); -+ fatal(net, "user name cannot start with '-'"); -+ exit(1); -+ } - # if !defined(NO_LOGIN_F) - #if defined(LOGIN_CAP_F) - argv = addarg(argv, "-F"); -@@ -1377,12 +1387,20 @@ start_login(host, autologin, name) - } else - #endif - if (getenv("USER")) { -- argv = addarg(argv, getenv("USER")); -+ char *user = getenv("USER"); -+ if (user[0] == '-') { -+ /* "telnet -l-x ..." */ -+ syslog(LOG_ERR, "user name cannot start with '-'"); -+ fatal(net, "user name cannot start with '-'"); -+ exit(EXIT_FAILURE); -+ } -+ argv = addarg(argv, user); - #if defined(LOGIN_ARGS) && defined(NO_LOGIN_P) - { - register char **cpp; - for (cpp = environ; *cpp; cpp++) -- argv = addarg(argv, *cpp); -+ if ((*cpp)[0] != '-') -+ argv = addarg(argv, *cpp); - } - #endif - /* |