MITKRB5-SA-2007-001: telnetd allows login as arbitrary user
author Tom Yu <tlyu@mit.edu>
Tue, 3 Apr 2007 21:27:25 +0000 (21:27 +0000)
committer Tom Yu <tlyu@mit.edu>
Tue, 3 Apr 2007 21:27:25 +0000 (21:27 +0000)
commit cd1c8b8a1a9bfd77eae9fbf29bd3273695019125
tree c2f7273017dc9d9405e5920dda61615913d2f3c9
parent f7f39b9dda8998390da542fb9bbc2be563c8a557
MITKRB5-SA-2007-001: telnetd allows login as arbitrary user

Fix MITKRB5-SA-2007-001:

* src/appl/telnet/telnetd/sys_term.c (start_login): Add "--"
argument preceding username, in addition to the original patch.
Explicitly check for leading hyphen in username.

* src/appl/telnet/telnetd/state.c (envvarok): Check for leading
hyphen in environment variables.  On advice from Shawn Emery, not
using strchr() as in the original patch.

ticket: new
tags: pullup
target_version: 1.6.1

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19396 dc483132-0cff-0310-8789-dd5450dbe970
src/appl/telnet/telnetd/state.c
src/appl/telnet/telnetd/sys_term.c
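
The two layers the commit message describes (reject a leading hyphen, and put "--" before the username), sketched as an added example that is not the krb5 code from this commit. The function names and the bare `login -- <user>` argument layout are hypothetical, and it assumes the login program's option parser honors "--" as end-of-options.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical check: would a getopt-style parser read this string as an option? */
int leading_hyphen(const char *s)
{
    return s != NULL && s[0] == '-';
}

/* Hypothetical environment-name filter: reject empty names and leading hyphens. */
int env_name_ok(const char *name)
{
    return name != NULL && name[0] != '\0' && !leading_hyphen(name);
}

/*
 * Fill argv for exec'ing a login program with a remote-supplied username.
 * Layer 1: refuse a username that starts with '-'.
 * Layer 2: place "--" before it so option parsing stops even if layer 1 is bypassed.
 * Returns the argument count, or -1 if the username is rejected or argv is too small.
 */
int build_login_argv(const char *user, const char *argv[], size_t cap)
{
    if (user == NULL || user[0] == '\0' || leading_hyphen(user))
        return -1;
    if (cap < 4)
        return -1;
    argv[0] = "login";
    argv[1] = "--";
    argv[2] = user;
    argv[3] = NULL;
    return 3;
}

int main(void)
{
    /* Constructed sample usernames, not taken from the advisory. */
    const char *samples[] = { "alice", "-x", "" };
    const char *argv[4];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = build_login_argv(samples[i], argv, 4);
        printf("%-6s -> %s\n", samples[i], n < 0 ? "rejected" : "login -- <user>");
    }
    return 0;
}
```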