From: Richard Basch <probe@mit.edu>
Date: Mon, 23 Oct 1995 21:55:51 +0000 (+0000)
Subject: 1. Do not end syslog messages with \n (it messes up the logs).
X-Git-Tag: krb5-1.0-beta6~882
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=37a948e96537fb7b865a0dfa1a2d73a6f82695b0;p=krb5.git

1. Do not end syslog messages with \n (it messes up the logs).
2. Prototyped envvarok() to ensure proper usage.
3. Prohibit the change of ELF_LD_* environment variables (Linux)
4. Syslog attempts to pass bad environment variables.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6987 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/appl/telnet/telnetd/state.c b/src/appl/telnet/telnetd/state.c
index 1cb56c02d..b364dfff1 100644
--- a/src/appl/telnet/telnetd/state.c
+++ b/src/appl/telnet/telnetd/state.c
@@ -44,6 +44,8 @@ unsigned char	will[] = { IAC, WILL, '%', 'c', 0 };
 unsigned char	wont[] = { IAC, WONT, '%', 'c', 0 };
 int	not42 = 1;
 
+static int envvarok(P(char *));
+
 /*
  * Buffer for sub-options, and macros
  * for suboptions buffer manipulations
@@ -353,7 +355,7 @@ gotiac:			switch (c) {
 			continue;
 
 		default:
-			syslog(LOG_ERR, "telnetd: panic state=%d\n", state);
+			syslog(LOG_ERR, "telnetd: panic state=%d", state);
 			printf("telnetd: panic state=%d\n", state);
 			exit(1);
 		}
@@ -1078,25 +1080,6 @@ int env_ovalue = -1;
 # define env_ovalue OLD_ENV_VALUE
 #endif	/* ENV_HACK */
 
-/* envvarok(char*) */
-/* check that variable is safe to pass to login or shell */
-static int
-envvarok(varp)
-	char *varp;
-{
-	if ((strchr(varp, '=') == 0) &&
-	    strncmp(varp, "LD_", strlen("LD_")) &&
-	    strncmp(varp, "_RLD_", strlen("_RLD_")) &&
-	    strcmp(varp, "LIBPATH") &&
-	    strcmp(varp, "IFS")) {
-		return 1;
-	} else {
-		/* optionally syslog(LOG_INFO) here */
-		return 0;
-	}
-
-}
-
 /*
  * suboption()
  *
@@ -1436,9 +1419,9 @@ suboption()
 		case ENV_USERVAR:
 			*cp = '\0';
 			if (envvarok(varp)) {
-			if (valp)
+			    if (valp)
 				(void)setenv(varp, valp, 1);
-			else
+			    else
 				unsetenv(varp);
 			}
 			cp = varp = (char *)subpointer;
@@ -1457,9 +1440,9 @@ suboption()
 	}
 	*cp = '\0';
 	if (envvarok(varp)) {
-	if (valp)
+	    if (valp)
 		(void)setenv(varp, valp, 1);
-	else
+	    else
 		unsetenv(varp);
 	}
 	break;
@@ -1639,3 +1622,17 @@ send_status()
 	DIAG(TD_OPTIONS,
 		{printsub('>', statusbuf, ncp - statusbuf); netflush();});
 }
+
+static int envvarok(varp)
+char *varp;
+{
+    if (!strncmp(varp, "LD_", 3) || !strncmp(varp, "_RLD_", 5) ||
+	!strncmp(varp, "ELF_LD_", 7) ||
+        !strcmp(varp, "LIBPATH") || !strcmp(varp, "IFS") ||
+	!strchr(varp, '='))
+    {
+	syslog(LOG_INFO, "Rejected the attempt to modify the environment variable \"%s\"", varp);
+	return 0;
+    }
+    return 1;
+}