d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Correct security hole in setproctitle(). We don't compile this code, but

Browse Source 
having the security hole there makes my skin itch.
This commit is contained in:
Kris Kennaway 2000-07-10 07:30:28 +00:00
parent 682199d834
commit 88868b1649
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=62877
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
contrib/opie/opieftpd.c
View File

@ -633,7 +633,7 @@ VOIDRET pass FUNCTION((passwd), char *passwd)
#if DOTITLE
snprintf(proctitle, sizeof(proctitle), "%s: anonymous/%s", remotehost,
passwd);
setproctitle(proctitle);
setproctitle("%s", proctitle);
#endif /* DOTITLE */
syslog(LOG_NOTICE, "ANONYMOUS FTP login from %s with ID %s",
remotehost, passwd);
@ -644,7 +644,7 @@ VOIDRET pass FUNCTION((passwd), char *passwd)
#if DOTITLE
snprintf(proctitle, sizeof(proctitle), "%s: %s", remotehost, pw->pw_name);
setproctitle(proctitle);
setproctitle("%s", proctitle);
#endif /* DOTITLE */
syslog(LOG_INFO, "FTP login from %s with user name %s", remotehost, pw->pw_name);
}
@ -1262,7 +1262,7 @@ static VOIDRET dolog FUNCTION((sin), struct sockaddr_in *sin)
remotehost[sizeof(remotehost) - 1] = '\0';
#if DOTITLE
snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost);
setproctitle(proctitle);
setproctitle("%s", proctitle);
#endif /* DOTITLE */
t = time((time_t *) 0);