diff options
author | Kris Kennaway <kris@FreeBSD.org> | 2000-10-31 05:29:54 +0000 |
---|---|---|
committer | Kris Kennaway <kris@FreeBSD.org> | 2000-10-31 05:29:54 +0000 |
commit | 4147bd4426576d0767dd111487f364b63073411e (patch) | |
tree | 9b6a6c7ee3bfd55634c2cf79b07d607e936d1fd8 /libexec/telnetd | |
parent | 85c2b43f351f18078cec578a6df1c1eb36914f88 (diff) | |
download | src-4147bd4426576d0767dd111487f364b63073411e.tar.gz src-4147bd4426576d0767dd111487f364b63073411e.zip |
Filter out some more magic environment variables used by libraries linked
with telnetd. This should really be done with a positive filter - i.e.
only allow through a configured list of variables.
Also do some buffer-safety cleanups while I'm here - I don't think these
are exploitable.
Notes
Notes:
svn path=/head/; revision=68038
Diffstat (limited to 'libexec/telnetd')
-rw-r--r-- | libexec/telnetd/sys_term.c | 7 | ||||
-rw-r--r-- | libexec/telnetd/telnetd.c | 4 | ||||
-rw-r--r-- | libexec/telnetd/utility.c | 4 |
3 files changed, 11 insertions, 4 deletions
diff --git a/libexec/telnetd/sys_term.c b/libexec/telnetd/sys_term.c index d7e9ed394808..332dddc46b04 100644 --- a/libexec/telnetd/sys_term.c +++ b/libexec/telnetd/sys_term.c @@ -1799,6 +1799,13 @@ scrub_env() strncmp(*cpp, "_RLD_", 5) && strncmp(*cpp, "LIBPATH=", 8) && #endif + strncmp(*cpp, "LOCALDOMAIN=", 12) && + strncmp(*cpp, "RES_OPTIONS=", 12) && + strncmp(*cpp, "TERMINFO=", 9) && + strncmp(*cpp, "TERMINFO_DIRS=", 14) && + strncmp(*cpp, "TERMPATH=", 9) && + strncmp(*cpp, "TERMCAP=/", 9) && + strncmp(*cpp, "ENV=", 4) && strncmp(*cpp, "IFS=", 4)) *cpp2++ = *cpp; } diff --git a/libexec/telnetd/telnetd.c b/libexec/telnetd/telnetd.c index 57a972aaf10e..9158dfb1d801 100644 --- a/libexec/telnetd/telnetd.c +++ b/libexec/telnetd/telnetd.c @@ -811,7 +811,7 @@ doit(who) fatal(net, "Out of ptys"); if ((pty = open(lp, 2)) >= 0) { - strcpy(line,lp); + strlcpy(line,lp,sizeof(line)); line[5] = 't'; break; } @@ -1115,7 +1115,7 @@ telnet(f, p, host) IM = Getstr("im", &cp); IF = Getstr("if", &cp); if (HN && *HN) - (void) strcpy(host_name, HN); + (void) strlcpy(host_name, HN, sizeof(host_name)); if (IF && (if_fd = open(IF, O_RDONLY, 000)) != -1) IM = 0; if (IM == 0) diff --git a/libexec/telnetd/utility.c b/libexec/telnetd/utility.c index ee6917340820..97478a7174c6 100644 --- a/libexec/telnetd/utility.c +++ b/libexec/telnetd/utility.c @@ -330,7 +330,7 @@ fatal(f, msg) { char buf[BUFSIZ]; - (void) sprintf(buf, "telnetd: %s.\r\n", msg); + (void) snprintf(buf, sizeof(buf), "telnetd: %s.\r\n", msg); (void) write(f, buf, (int)strlen(buf)); sleep(1); /*XXX*/ exit(1); @@ -343,7 +343,7 @@ fatalperror(f, msg) { char buf[BUFSIZ], *strerror(); - (void) sprintf(buf, "%s: %s", msg, strerror(errno)); + (void) snprintf(buf, sizeof(buf), "%s: %s", msg, strerror(errno)); fatal(f, buf); } |