Don't allow LD_* env. variables to be tricked
Submitted by: Sam Hartman <hartmans@mit.edu>
This commit is contained in:
Andrey A. Chernov
parent
661314a761
commit
b6369ff12e
@ -32,7 +32,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#ifndef lint
|
#ifndef lint
|
||||||
static char sccsid[] = "@(#)sys_term.c 8.4 (Berkeley) 5/30/95";
|
static char sccsid[] = "@(#)sys_term.c 8.4+1 (Berkeley) 5/30/95";
|
||||||
#endif /* not lint */
|
#endif /* not lint */
|
||||||
|
|
||||||
#include "telnetd.h"
|
#include "telnetd.h"
|
||||||
@ -1581,10 +1581,12 @@ start_login(host, autologin, name)
|
|||||||
utmpx.ut_id[3] = SC_WILDC;
|
utmpx.ut_id[3] = SC_WILDC;
|
||||||
utmpx.ut_type = LOGIN_PROCESS;
|
utmpx.ut_type = LOGIN_PROCESS;
|
||||||
(void) time(&utmpx.ut_tv.tv_sec);
|
(void) time(&utmpx.ut_tv.tv_sec);
|
||||||
if (pututxline(&utmpx) == NULL)
|
if (makeutx(&utmpx) == NULL)
|
||||||
fatal(net, "pututxline failed");
|
fatal(net, "makeutx failed");
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
scrub_env();
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* -h : pass on name of host.
|
* -h : pass on name of host.
|
||||||
* WARNING: -h is accepted by login if and only if
|
* WARNING: -h is accepted by login if and only if
|
||||||
@ -1820,6 +1822,26 @@ addarg(argv, val)
|
|||||||
}
|
}
|
||||||
#endif /* NEWINIT */
|
#endif /* NEWINIT */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* scrub_env()
|
||||||
|
*
|
||||||
|
* Remove a few things from the environment that
|
||||||
|
* don't need to be there.
|
||||||
|
*/
|
||||||
|
scrub_env()
|
||||||
|
{
|
||||||
|
register char **cpp, **cpp2;
|
||||||
|
|
||||||
|
for (cpp2 = cpp = environ; *cpp; cpp++) {
|
||||||
|
if (!strncmp(*cpp, "LD_", 3) &&
|
||||||
|
!strncmp(*cpp, "_RLD_", 5) &&
|
||||||
|
!strncmp(*cpp, "LIBPATH=", 8) &&
|
||||||
|
!strncmp(*cpp, "IFS=", 4))
|
||||||
|
*cpp2++ = *cpp;
|
||||||
|
}
|
||||||
|
*cpp2 = 0;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* cleanup()
|
* cleanup()
|
||||||
*
|
*
|
||||||
|
|||||||
@ -32,7 +32,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#ifndef lint
|
#ifndef lint
|
||||||
static char sccsid[] = "@(#)sys_term.c 8.4 (Berkeley) 5/30/95";
|
static char sccsid[] = "@(#)sys_term.c 8.4+1 (Berkeley) 5/30/95";
|
||||||
#endif /* not lint */
|
#endif /* not lint */
|
||||||
|
|
||||||
#include "telnetd.h"
|
#include "telnetd.h"
|
||||||
@ -1581,10 +1581,12 @@ start_login(host, autologin, name)
|
|||||||
utmpx.ut_id[3] = SC_WILDC;
|
utmpx.ut_id[3] = SC_WILDC;
|
||||||
utmpx.ut_type = LOGIN_PROCESS;
|
utmpx.ut_type = LOGIN_PROCESS;
|
||||||
(void) time(&utmpx.ut_tv.tv_sec);
|
(void) time(&utmpx.ut_tv.tv_sec);
|
||||||
if (pututxline(&utmpx) == NULL)
|
if (makeutx(&utmpx) == NULL)
|
||||||
fatal(net, "pututxline failed");
|
fatal(net, "makeutx failed");
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
scrub_env();
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* -h : pass on name of host.
|
* -h : pass on name of host.
|
||||||
* WARNING: -h is accepted by login if and only if
|
* WARNING: -h is accepted by login if and only if
|
||||||
@ -1820,6 +1822,26 @@ addarg(argv, val)
|
|||||||
}
|
}
|
||||||
#endif /* NEWINIT */
|
#endif /* NEWINIT */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* scrub_env()
|
||||||
|
*
|
||||||
|
* Remove a few things from the environment that
|
||||||
|
* don't need to be there.
|
||||||
|
*/
|
||||||
|
scrub_env()
|
||||||
|
{
|
||||||
|
register char **cpp, **cpp2;
|
||||||
|
|
||||||
|
for (cpp2 = cpp = environ; *cpp; cpp++) {
|
||||||
|
if (!strncmp(*cpp, "LD_", 3) &&
|
||||||
|
!strncmp(*cpp, "_RLD_", 5) &&
|
||||||
|
!strncmp(*cpp, "LIBPATH=", 8) &&
|
||||||
|
!strncmp(*cpp, "IFS=", 4))
|
||||||
|
*cpp2++ = *cpp;
|
||||||
|
}
|
||||||
|
*cpp2 = 0;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* cleanup()
|
* cleanup()
|
||||||
*
|
*
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user