authorTheo de Raadt <deraadt@cvs.openbsd.org>1998-02-11 02:26:16 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>1998-02-11 02:26:16 +0000
commit6d277db87ac6e7207cdfd04bd5fe1b1d0ed391f7 (patch)
tree1e0e35f42fde6e81edef291449c89440da1740a0
parent6206d519a4d9d51d2be6bf08af045a6921be0604 (diff)
increased paranoia about .rhosts validity
-rw-r--r--lib/libc/net/rcmd.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/lib/libc/net/rcmd.c b/lib/libc/net/rcmd.c
index 4fbf602215e..9db161e96da 100644
--- a/lib/libc/net/rcmd.c
+++ b/lib/libc/net/rcmd.c
@@ -34,7 +34,7 @@
*/
#if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: rcmd.c,v 1.26 1997/07/09 01:08:47 millert Exp $";
+static char *rcsid = "$OpenBSD: rcmd.c,v 1.27 1998/02/11 02:26:15 deraadt Exp $";
#endif /* LIBC_SCCS and not lint */
#include <sys/param.h>
@@ -417,7 +417,8 @@ __ivaliduser(hostf, raddrl, luser, ruser)
/* Skip lines that are too long. */
if (strchr(p, '\n') == NULL) {
while ((ch = getc(hostf)) != '\n' && ch != EOF)
- ;
+ if (!isprint(ch))
+ goto bail;
continue;
}
if (*p == '#')
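Review bot: The comment `/* Skip lines that are too long. */` no longer matches the loop under it, which now leaves through `goto bail` as soon as the discarded tail contains a byte that fails `isprint()`. Because `isprint()` is false for a tab, an over-long line is only skipped when its tail is free of tabs as well as control bytes, and the comment should say so, e.g. `/* Skip over-long lines; bail on any non-printable byte (tabs included) in the tail. */`. The part of the line that `p` already points to is not examined by this check. What `bail` does is outside the hunk, so whether the whole file is rejected at that point cannot be confirmed from here.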
@@ -434,8 +435,11 @@ __ivaliduser(hostf, raddrl, luser, ruser)
p++;
user = p;
while (*p != '\n' && *p != ' ' &&
- *p != '\t' && *p != '\0')
+ *p != '\t' && *p != '\0') {
+ if (!isprint(*p))
+ goto bail;
p++;
+ }
} else
user = p;
*p = '\0';
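Review bot: `isprint(*p)` in the new user-field loop is handed a plain `char`, and the ctype functions are undefined for negative arguments other than EOF. On a platform where `char` is signed, any byte above 0x7f goes to the lookup as a negative value, and those bytes are exactly the input this check is meant to reject. Cast at the call: `if (!isprint((unsigned char)*p))`. The `getc()` loop in the previous hunk does not need this provided `ch` is an `int`, since it then holds an unsigned-char value and EOF is excluded before the body runs. This assumes `p` is a `char *`; its declaration and the `bail` label are outside the hunk.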