summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTodd C. Miller <millert@cvs.openbsd.org>2002-10-13 21:09:14 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>2002-10-13 21:09:14 +0000
commit9a2e0a09da2aed07c37c242bbf59970aaa38f6ee (patch)
treeba0b7e3a9e0bb2d1a161652f01500a98f1bacfa6
parent42d8c6cc44a2ae130df7152e15c9eb6ee9ddab04 (diff)
Avoid potential printf format string problem with challenge from
auth_challenge(). Currently, none of the auth modules put non-sanitized data in the prompt so there are no real security implications with this fix. Patch from Moritz Jodeit.
-rw-r--r--libexec/ftpd/ftpd.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c
index 1d878adc012..2307e5b12e1 100644
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ftpd.c,v 1.136 2002/08/29 22:52:00 deraadt Exp $ */
+/* $OpenBSD: ftpd.c,v 1.137 2002/10/13 21:09:13 millert Exp $ */
/* $NetBSD: ftpd.c,v 1.15 1995/06/03 22:46:47 mycroft Exp $ */
/*
@@ -74,7 +74,7 @@ static const char copyright[] =
static const char sccsid[] = "@(#)ftpd.c 8.4 (Berkeley) 4/16/94";
#else
static const char rcsid[] =
- "$OpenBSD: ftpd.c,v 1.136 2002/08/29 22:52:00 deraadt Exp $";
+ "$OpenBSD: ftpd.c,v 1.137 2002/10/13 21:09:13 millert Exp $";
#endif
#endif /* not lint */
@@ -812,7 +812,7 @@ user(name)
}
if (as != NULL && (cp = auth_challenge(as)) != NULL)
- reply(331, cp);
+ reply(331, "%s", cp);
else
reply(331, "Password required for %s.", name);