From: Theodore Tso Date: Thu, 23 Oct 1997 18:03:01 +0000 (+0000) Subject: Prohibit the passing of TERMCAP, TERMPATH, TERMINFO, and HOME, since X-Git-Tag: krb5-1.1-beta1~977 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=9a1025717ce9948c239492aa03afb8b5f468a458;p=krb5.git Prohibit the passing of TERMCAP, TERMPATH, TERMINFO, and HOME, since they can be used to exploit a security in tgetent. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10248 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/appl/telnet/telnetd/ChangeLog b/src/appl/telnet/telnetd/ChangeLog index b8fa48c52..6b7ef9fb2 100644 --- a/src/appl/telnet/telnetd/ChangeLog +++ b/src/appl/telnet/telnetd/ChangeLog @@ -1,3 +1,9 @@ +Thu Oct 23 13:59:32 1997 Theodore Y. Ts'o + + * state.c (envvarok): Prohibit the passing of TERMCAP, TERMPATH, + TERMINFO, and HOME, since they can be used to exploit a + security in tgetent. + Wed Apr 9 23:46:40 1997 Tom Yu * sys_term.c (start_login): Bounds check the constructed "speed" diff --git a/src/appl/telnet/telnetd/state.c b/src/appl/telnet/telnetd/state.c index 16e71d470..9d5224acc 100644 --- a/src/appl/telnet/telnetd/state.c +++ b/src/appl/telnet/telnetd/state.c @@ -1645,6 +1645,10 @@ static int envvarok(varp) char *varp; { if (!strchr(varp, '=') && + strcmp(varp, "TERMCAP") && /* to prevent a security hole */ + strcmp(varp, "TERMINFO") && /* with tgetent */ + strcmp(varp, "TERMPATH") && + strcmp(varp, "HOME") && /* to prevent the tegetent bug */ strncmp(varp, "LD_", strlen("LD_")) && /* most systems */ strncmp(varp, "_RLD_", strlen("_RLD_")) && /* irix */ strncmp(varp, "KRB5", strlen("KRB5")) && /* v5 */
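Review bot: In the ChangeLog entry for state.c (envvarok), the phrase "exploit a security in tgetent" is missing its noun; the code comment added in the same patch calls it a "security hole", so the entry should say that too. The entry would also serve a later auditor better if it said in a few words how each variable reaches tgetent, HOME in particular, since it is the least obvious of the four names listed.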
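Review bot: In envvarok() in state.c, the four new strcmp() tests lengthen a denylist, so any variable with a similar effect that is not named here still passes the check; consider inverting the test so that only a short list of variables the server is known to need is passed and everything else is refused. The new tests also match exact names only, while the LD_, _RLD_ and KRB5 tests next to them match prefixes, which is worth a one-line comment so the difference reads as intentional. Smaller points in the same lines: the HOME comment misspells tgetent as "tegetent", and the comments give two differently worded reasons ("a security hole with tgetent" and "the tegetent bug") without saying whether they refer to the same problem.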