d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Implement security fix correctly: via isprint()

Browse Source
This commit is contained in:
Andrey A. Chernov 1994-10-22 17:37:06 +00:00
parent badd813805
commit 5a2162043c
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=3793
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
libexec/talkd/process.c
View File

@ -52,6 +52,7 @@ static char sccsid[] = "@(#)process.c 8.2 (Berkeley) 11/16/93";
#include <syslog.h>
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <paths.h>
CTL_MSG *find_request();
@ -63,6 +64,7 @@ process_request(mp, rp)
{
register CTL_MSG *ptr;
extern int debug;
char *s;
rp->vers = TALK_VERSION;
rp->type = mp->type;
@ -87,11 +89,12 @@ process_request(mp, rp)
rp->answer = BADCTLADDR;
return;
}
if (strchr(mp->l_name, 27)) {
syslog(LOG_NOTICE, "Illegal user name. Aborting");
rp->answer = FAILED;
return;
}
for (s = mp->l_name; *s; s++)
if (!isprint(*s)) {
syslog(LOG_NOTICE, "Illegal user name. Aborting");
rp->answer = FAILED;
return;
}
mp->pid = ntohl(mp->pid);
if (debug)
print_request("process_request", mp);