Slight adjustment to previous fix for __ivaliduser(). It was checking for

the comment before checking for long lines, so there was a possibility that the wrap-around might be used as an exploitable hostname. Reviewed by: Submitted by: Obtained from:
svn path=/head/; revision=9552
2024-12-18 10:35:55 +00:00 · 1995-07-16 17:03:58 +00:00 · 1995-07-16 17:03:58 +00:00 · acc7e87c9b · 2020-12-20 02:59:44 +00:00
commit acc7e87c9b
parent 6263a19a10
1 changed files with 4 additions and 2 deletions
--- a/lib/libc/net/rcmd.c
+++ b/lib/libc/net/rcmd.c
@ -366,14 +366,16 @@ __ivaliduser(hostf, raddr, luser, ruser)
 		return (-1);

 	while (fgets(buf, sizeof(buf), hostf)) {
-		if(buf[0] == '#')
-			continue;
 		p = buf;
 		/* Skip lines that are too long. */
 		if (strchr(p, '\n') == NULL) {
 			while ((ch = getc(hostf)) != '\n' && ch != EOF);
 			continue;
 		}
+		if (*p == '\n' || *p == '#') {
+			/* comment... */
+			continue;
+		}
 		while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') {
 			*p = isupper(*p) ? tolower(*p) : *p;
 			p++;