From 8ee116ce8625e6180f7ad4d91e675e53df5deaf1 Mon Sep 17 00:00:00 2001
From: Theo de Raadt <deraadt@cvs.openbsd.org>
Date: Wed, 4 Dec 2019 09:53:48 +0000
Subject: xenodm uses the libc authentication layer incorrectly. fix by markus
 or millert Reported by Qualys

---
 greeter/verify.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/greeter/verify.c b/greeter/verify.c
index 69d79e6..2b95cc3 100644
--- a/greeter/verify.c
+++ b/greeter/verify.c
@@ -136,7 +136,7 @@ Verify (struct display *d, struct greet_info *greet, struct verify_info *verify)
 	explicit_bzero(greet->password, passwd_len);
 	/* Build path of the auth script and call it */
 	snprintf(path, sizeof(path), _PATH_AUTHPROG "%s", style);
-	auth_call(as, path, style, "-s", "response", greet->name,
+	auth_call(as, path, style, "-s", "response", "--", greet->name,
 		  lc->lc_class, (void *)NULL);
 	authok = auth_getstate(as);
 
-- 
cgit v1.2.3