From fd702c02497b2f398e739e3119bed0b23dd7aa7b Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Tue, 20 Jan 2026 01:10:36 -0800
Subject: [PATCH] Fix injection bug with bogus user names
Problem reported by Kyu Neushwaistein.
* telnetd/utility.c (_var_short_name):
Ignore user names that start with '-' or contain shell metacharacters.
Signed-off-by: Simon Josefsson <simon@josefsson.org>
---
telnetd/utility.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/telnetd/utility.c b/telnetd/utility.c
index b486226e..c02cd0e6 100644
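--- a/telnetd/utility.c
+++ b/telnetd/utility.c
@@ -1733,7 +1733,14 @@ _var_short_name (struct line_expander *exp)
 return user_name ? xstrdup (user_name) : NULL;
 
 case 'U':
- return getenv ("USER") ? xstrdup (getenv ("USER")) : xstrdup ("");
+ {
+ /* Ignore user names starting with '-' or containing shell
+ metachars, as they can cause trouble. */
+ char const *u = getenv ("USER");
+ return xstrdup ((u && *u != '-'
+ && !u[strcspn (u, "\t\n !\"#$&'()*;<=>?[\\^`{|}~")])
+ ? u : "");
+ }
 
 default:
 exp->state = EXP_STATE_ERROR;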
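Review bot: The check added under `case 'U':` is a denylist, so any byte missing from the `strcspn` reject set still reaches the expanded string; for instance `\r`, `\v`, `\f` and other control bytes are not listed next to `\t`, `\n` and space. An allowlist is easier to audit: keep the `*u != '-'` test and replace the `strcspn` term with `&& !u[strspn (u, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-")]`, widening the set only if local account names need it. The context line above `case 'U':` still returns `user_name` with no filtering, and the other cases of `_var_short_name` lie outside this hunk, so it is worth confirming whether those expansions need the same check. A rejected value is silently replaced with `""`; logging the rejection (presumably via the daemon's existing syslog path) would give operators something to alert on.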