summaryrefslogtreecommitdiff
path: root/libexec/fingerd
diff options
context:
space:
mode:
authorTodd C. Miller <millert@cvs.openbsd.org>2000-07-07 03:48:13 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>2000-07-07 03:48:13 +0000
commit4eed9d866fec26a6f59d3162a2eb9e57ddf779a3 (patch)
treeac9aefc5271a183ea2777f5260d6dc49c397a42e /libexec/fingerd
parent1369e9be8198fc6d5c0ae823f620b89889f9d8d9 (diff)
Change fingerd back to using fgets(3), not fgetln(3). Using fgetln(3)
was a mistake since it allows an attacker to trivially drive up the load on a machine. Of course, this can still be done with multiple connections but there's no reason to make it easier than it needs to be. This also simplifies the logging a bit.
Diffstat (limited to 'libexec/fingerd')
-rw-r--r--libexec/fingerd/fingerd.c32
1 files changed, 7 insertions, 25 deletions
diff --git a/libexec/fingerd/fingerd.c b/libexec/fingerd/fingerd.c
index c66a9a28f5d..83dcf9cd933 100644
--- a/libexec/fingerd/fingerd.c
+++ b/libexec/fingerd/fingerd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: fingerd.c,v 1.17 1999/11/15 01:03:27 deraadt Exp $ */
+/* $OpenBSD: fingerd.c,v 1.18 2000/07/07 03:48:12 millert Exp $ */
/*
* Copyright (c) 1983, 1993
@@ -43,7 +43,7 @@ static char copyright[] =
#if 0
static char sccsid[] = "from: @(#)fingerd.c 8.1 (Berkeley) 6/4/93";
#else
-static char rcsid[] = "$OpenBSD: fingerd.c,v 1.17 1999/11/15 01:03:27 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: fingerd.c,v 1.18 2000/07/07 03:48:12 millert Exp $";
#endif
#endif /* not lint */
@@ -81,9 +81,8 @@ main(argc, argv)
register FILE *fp;
register int ch, ac = 2;
int p[2], logging, secure, user_required, short_list;
- size_t linesiz;
#define ENTRIES 50
- char **ap, *av[ENTRIES + 1], **comp, *line, *prog, *lp, *hname;
+ char **ap, *av[ENTRIES + 1], **comp, line[8192], *lp, *prog, *hname;
char hostbuf[MAXHOSTNAMELEN];
prog = _PATH_FINGER;
@@ -136,33 +135,16 @@ main(argc, argv)
hname = hostbuf;
}
- if ((lp = fgetln(stdin, &linesiz)) == NULL) {
+ if (fgets(line, sizeof(line), stdin) == NULL) {
if (logging)
syslog(LOG_NOTICE, "query from %s: %s", hname,
feof(stdin) ? "EOF" : strerror(errno));
exit(1);
}
- if ((line = malloc(linesiz + 1)) == NULL)
- err("Out of memory");
- memcpy(line, lp, linesiz);
- line[linesiz] = '\0';
- if (logging) {
- char *tline;
-
- if ((tline = strdup(line)) == NULL)
- err("Out of memory");
- /* Replace NULL, \r and \n with ' ' */
- for (ch = 0; ch < linesiz; ch++) {
- if (tline[ch] == '\0' || tline[ch] == '\r' ||
- tline[ch] == '\n')
- tline[ch] = ' ';
- }
- for (lp = tline + linesiz - 1; lp >= tline && *lp == ' '; lp--)
- *lp = '\0';
- syslog(LOG_NOTICE, "query from %s: `%s'", hname, tline);
- free(tline);
- }
+ if (logging)
+ syslog(LOG_NOTICE, "query from %s: `%.*s'", hname,
+ strcspn(line, "\r\n"), line);
/*
* Note: we assume that finger(1) will treat "--" as end of