author | Todd C. Miller <millert@cvs.openbsd.org> | 2002-10-13 21:09:14 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 2002-10-13 21:09:14 +0000 |
commit | 9a2e0a09da2aed07c37c242bbf59970aaa38f6ee (patch) | |
tree | ba0b7e3a9e0bb2d1a161652f01500a98f1bacfa6 | |
parent | 42d8c6cc44a2ae130df7152e15c9eb6ee9ddab04 (diff) |
Avoid potential printf format string problem with challenge from
auth_challenge(). Currently, none of the auth modules put non-sanitized
data in the prompt so there are no real security implications with
this fix. Patch from Moritz Jodeit.
-rw-r--r-- | libexec/ftpd/ftpd.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c
index 1d878adc012..2307e5b12e1 100644
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ftpd.c,v 1.136 2002/08/29 22:52:00 deraadt Exp $ */
+/* $OpenBSD: ftpd.c,v 1.137 2002/10/13 21:09:13 millert Exp $ */
 /* $NetBSD: ftpd.c,v 1.15 1995/06/03 22:46:47 mycroft Exp $ */
 /*
@@ -74,7 +74,7 @@ static const char copyright[] =
 static const char sccsid[] = "@(#)ftpd.c 8.4 (Berkeley) 4/16/94";
 #else
 static const char rcsid[] =
- "$OpenBSD: ftpd.c,v 1.136 2002/08/29 22:52:00 deraadt Exp $";
+ "$OpenBSD: ftpd.c,v 1.137 2002/10/13 21:09:13 millert Exp $";
 #endif
 #endif /* not lint */
@@ -812,7 +812,7 @@ user(name)
 }
 if (as != NULL && (cp = auth_challenge(as)) != NULL)
- reply(331, cp);
+ reply(331, "%s", cp);
 else
 reply(331, "Password required for %s.", name); |
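Review bot: The corrected call `reply(331, "%s", cp);` in user() carries no comment explaining why the challenge must not be the format argument, so a later cleanup could fold it back to `reply(331, cp)`. I would add `/* cp is produced by the auth module: pass it as data, never as the format string */` directly above it. The hunk shows only this one call site, so whether other reply() callers pass a non-literal format cannot be judged from here. Building with `-Wformat -Wformat-security`, plus a printf `format` attribute on the reply() prototype if it does not already have one, would flag such calls at compile time. user() begins and ends outside the hunk.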