From 4eed9d866fec26a6f59d3162a2eb9e57ddf779a3 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Fri, 7 Jul 2000 03:48:13 +0000
Subject: Change fingerd back to using fgets(3), not fgetln(3). Using fgetln(3) was a mistake since it allows an attacker to trivially drive up the load on a machine. Of course, this can still be done with multiple connections but there's no reason to make it easier than it needs to be. This also simplifies the logging a bit.
---
 libexec/fingerd/fingerd.c | 32 +++++++-------------------------
 1 file changed, 7 insertions(+), 25 deletions(-)
(limited to 'libexec/fingerd')
diff --git a/libexec/fingerd/fingerd.c b/libexec/fingerd/fingerd.c
index c66a9a28f5d..83dcf9cd933 100644
--- a/libexec/fingerd/fingerd.c
+++ b/libexec/fingerd/fingerd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: fingerd.c,v 1.17 1999/11/15 01:03:27 deraadt Exp $ */
+/* $OpenBSD: fingerd.c,v 1.18 2000/07/07 03:48:12 millert Exp $ */
 /*
 * Copyright (c) 1983, 1993
@@ -43,7 +43,7 @@ static char copyright[] =
 #if 0
 static char sccsid[] = "from: @(#)fingerd.c 8.1 (Berkeley) 6/4/93";
 #else
-static char rcsid[] = "$OpenBSD: fingerd.c,v 1.17 1999/11/15 01:03:27 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: fingerd.c,v 1.18 2000/07/07 03:48:12 millert Exp $";
 #endif
 #endif /* not lint */
@@ -81,9 +81,8 @@ main(argc, argv)
 register FILE *fp;
 register int ch, ac = 2;
 int p[2], logging, secure, user_required, short_list;
- size_t linesiz;
 #define ENTRIES 50
- char **ap, *av[ENTRIES + 1], **comp, *line, *prog, *lp, *hname;
+ char **ap, *av[ENTRIES + 1], **comp, line[8192], *lp, *prog, *hname;
 char hostbuf[MAXHOSTNAMELEN];
 prog = _PATH_FINGER;
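Review bot: The size in `line[8192]` in main's declarations is a bare literal, and nothing records that it is now the limit on how much of a client's query fingerd will read. A named constant beside ENTRIES would make that explicit, for example `#define LINESIZ 8192` with the comment `/* upper bound on one query; fgets(3) stops here, so a client cannot make us buffer an arbitrarily long line */`, and the declaration would then read `line[LINESIZ]`. main begins before this hunk and continues after it, so whether `lp` and `ch` are still used once the old logging loop is gone cannot be confirmed from the lines shown.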
@@ -136,33 +135,16 @@ main(argc, argv)
 hname = hostbuf;
 }
- if ((lp = fgetln(stdin, &linesiz)) == NULL) {
+ if (fgets(line, sizeof(line), stdin) == NULL) {
 if (logging)
 syslog(LOG_NOTICE, "query from %s: %s", hname, feof(stdin) ? "EOF" : strerror(errno));
 exit(1);
 }
- if ((line = malloc(linesiz + 1)) == NULL)
- err("Out of memory");
- memcpy(line, lp, linesiz);
- line[linesiz] = '\0';
- if (logging) {
- char *tline;
-
- if ((tline = strdup(line)) == NULL)
- err("Out of memory");
- /* Replace NULL, \r and \n with ' ' */
- for (ch = 0; ch < linesiz; ch++) {
- if (tline[ch] == '\0' || tline[ch] == '\r' ||
- tline[ch] == '\n')
- tline[ch] = ' ';
- }
- for (lp = tline + linesiz - 1; lp >= tline && *lp == ' '; lp--)
- *lp = '\0';
- syslog(LOG_NOTICE, "query from %s: `%s'", hname, tline);
- free(tline);
- }
+ if (logging)
+ syslog(LOG_NOTICE, "query from %s: `%.*s'", hname,
+ strcspn(line, "\r\n"), line);
 /*
 * Note: we assume that finger(1) will treat "--" as end of
-- cgit v1.2.3
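Review bot: In the added syslog() call the `%.*s` precision is supplied by `strcspn(line, "\r\n")`, which returns size_t, but a `*` precision argument must be an int; where size_t is wider than int the variadic arguments are misread and the behaviour is undefined. The continuation line should read `(int)strcspn(line, "\r\n"), line);` — the value cannot exceed sizeof(line), so the cast loses nothing. Separately, the removed loop blanked every NUL, CR and LF across the whole line before logging, while the new call logs only up to the first CR, LF or NUL, so the log entry may no longer show everything the rest of main goes on to parse. If that truncation is intended, a comment above the call such as `/* log only up to the first CR/LF/NUL; the remainder of the line is not recorded */` would tell whoever reads these logs what they are looking at. main's body starts and ends outside this hunk.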