summaryrefslogtreecommitdiff
path: root/src/lib/libc/net
diff options
context:
space:
mode:
authorderaadt <>1998-02-11 05:28:52 +0000
committerderaadt <>1998-02-11 05:28:52 +0000
commitcf804860dbbf96ec70fd7e2eeb9cdbe0c86a0f49 (patch)
tree21ec71773380b6b5288b4569cf317556574dd7ed /src/lib/libc/net
parent997296bac15a2a4180e500b0722d1b6060a0dc87 (diff)
downloadopenbsd-cf804860dbbf96ec70fd7e2eeb9cdbe0c86a0f49.tar.gz
openbsd-cf804860dbbf96ec70fd7e2eeb9cdbe0c86a0f49.tar.bz2
openbsd-cf804860dbbf96ec70fd7e2eeb9cdbe0c86a0f49.zip
use fgetln() instead of fgets() so that we can catch \0 in the .rhosts
file. Thanks to fc@parkone.ci.oakland.ca.us for lots of testing and diagnosis help.
Diffstat (limited to 'src/lib/libc/net')
-rw-r--r--src/lib/libc/net/rcmd.c27
1 files changed, 14 insertions, 13 deletions
diff --git a/src/lib/libc/net/rcmd.c b/src/lib/libc/net/rcmd.c
index 9db161e96d..33fe60452c 100644
--- a/src/lib/libc/net/rcmd.c
+++ b/src/lib/libc/net/rcmd.c
@@ -34,7 +34,7 @@
34 */ 34 */
35 35
36#if defined(LIBC_SCCS) && !defined(lint) 36#if defined(LIBC_SCCS) && !defined(lint)
37static char *rcsid = "$OpenBSD: rcmd.c,v 1.27 1998/02/11 02:26:15 deraadt Exp $"; 37static char *rcsid = "$OpenBSD: rcmd.c,v 1.28 1998/02/11 05:28:52 deraadt Exp $";
38#endif /* LIBC_SCCS and not lint */ 38#endif /* LIBC_SCCS and not lint */
39 39
40#include <sys/param.h> 40#include <sys/param.h>
@@ -403,39 +403,37 @@ __ivaliduser(hostf, raddrl, luser, ruser)
403{ 403{
404 register char *user, *p; 404 register char *user, *p;
405 int ch; 405 int ch;
406 char buf[MAXHOSTNAMELEN + 128]; /* host + login */ 406 char *buf;
407 const char *auser, *ahost; 407 const char *auser, *ahost;
408 int hostok, userok; 408 int hostok, userok;
409 char *rhost = (char *)-1; 409 char *rhost = (char *)-1;
410 char domain[MAXHOSTNAMELEN]; 410 char domain[MAXHOSTNAMELEN];
411 u_int32_t raddr = (u_int32_t)raddrl; 411 u_int32_t raddr = (u_int32_t)raddrl;
412 size_t buflen;
412 413
413 getdomainname(domain, sizeof(domain)); 414 getdomainname(domain, sizeof(domain));
414 415
415 while (fgets(buf, sizeof(buf), hostf)) { 416 while ((buf = fgetln(hostf, &buflen))) {
416 p = buf; 417 p = buf;
417 /* Skip lines that are too long. */
418 if (strchr(p, '\n') == NULL) {
419 while ((ch = getc(hostf)) != '\n' && ch != EOF)
420 if (!isprint(ch))
421 goto bail;
422 continue;
423 }
424 if (*p == '#') 418 if (*p == '#')
425 continue; 419 continue;
426 while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') { 420 while (*p != '\n' && *p != ' ' && *p != '\t' && p < buf + buflen) {
427 if (!isprint(*p)) 421 if (!isprint(*p))
428 goto bail; 422 goto bail;
429 *p = isupper(*p) ? tolower(*p) : *p; 423 *p = isupper(*p) ? tolower(*p) : *p;
430 p++; 424 p++;
431 } 425 }
426 if (p >= buf + buflen)
427 continue;
432 if (*p == ' ' || *p == '\t') { 428 if (*p == ' ' || *p == '\t') {
433 *p++ = '\0'; 429 *p++ = '\0';
434 while (*p == ' ' || *p == '\t') 430 while (*p == ' ' || *p == '\t' && p < buf + buflen)
435 p++; 431 p++;
432 if (p >= buf + buflen)
433 continue;
436 user = p; 434 user = p;
437 while (*p != '\n' && *p != ' ' && 435 while (*p != '\n' && *p != ' ' &&
438 *p != '\t' && *p != '\0') { 436 *p != '\t' && p < buf + buflen) {
439 if (!isprint(*p)) 437 if (!isprint(*p))
440 goto bail; 438 goto bail;
441 p++; 439 p++;
@@ -450,6 +448,9 @@ __ivaliduser(hostf, raddrl, luser, ruser)
450 auser = *user ? user : luser; 448 auser = *user ? user : luser;
451 ahost = buf; 449 ahost = buf;
452 450
451 if (strlen(ahost) > MAXHOSTNAMELEN)
452 continue;
453
453 /* 454 /*
454 * innetgr() must lookup a hostname (we do not attempt 455 * innetgr() must lookup a hostname (we do not attempt
455 * to change the semantics so that netgroups may have 456 * to change the semantics so that netgroups may have
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 15:05:28 +0000