summaryrefslogtreecommitdiff
path: root/libexec/telnetd/sys_term.c
diff options
context:
space:
mode:
Diffstat (limited to 'libexec/telnetd/sys_term.c')
-rw-r--r--libexec/telnetd/sys_term.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/libexec/telnetd/sys_term.c b/libexec/telnetd/sys_term.c
index cde67833dfb4..675916174162 100644
--- a/libexec/telnetd/sys_term.c
+++ b/libexec/telnetd/sys_term.c
@@ -1273,7 +1273,7 @@ start_login(host, autologin, name)
{
register char *cp;
register char **argv;
- char **addarg();
+ char **addarg(), *user;
/*
* -h : pass on name of host.
@@ -1315,7 +1315,12 @@ start_login(host, autologin, name)
argv = addarg(argv, name);
} else
#endif
- if (getenv("USER")) {
+ if (user = getenv("USER")) {
+ if (strchr(user, '-')) {
+ syslog(LOG_ERR, "tried to pass user \"%s\" to login",
+ user);
+ fatal(net, "invalid user");
+ }
argv = addarg(argv, getenv("USER"));
#if defined(CRAY) && defined(NO_LOGIN_P)
{
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-05 06:11:43 +0000