===================================================================
RCS file: /home/ncvs/src/usr.sbin/inetd/builtins.c,v
retrieving revision 1.19.2.2
retrieving revision 1.19.2.3
diff -u -p -r1.19.2.2 -r1.19.2.3
--- src/usr.sbin/inetd/builtins.c	2000/10/24 19:18:29	1.19.2.2
+++ src/usr.sbin/inetd/builtins.c	2000/11/25 04:14:14	1.19.2.3
@@ -40,6 +40,7 @@
 #include <ctype.h>
 #include <err.h>
 #include <errno.h>
+#include <fcntl.h>
 #include <limits.h>
 #include <pwd.h>
 #include <signal.h>
@@ -575,6 +576,7 @@ ident_stream(s, sep)		/* Ident service (
 	 */
 	if (fflag && !usedfallback) {
 		FILE *fakeid = NULL;
+		int fakeid_fd;
 
 		if (asprintf(&p, "%s/.fakeid", pw->pw_dir) == -1)
 			iderror(lport, fport, s, errno);
@@ -583,8 +585,9 @@ ident_stream(s, sep)		/* Ident service (
 		 * open any files we have no permission to open, especially
 		 * symbolic links to sensitive root-owned files or devices.
 		 */
+		if (initgroups(pw->pw_name, pw->pw_gid) == -1)
+			iderror(lport, fport, s, errno);
 		seteuid(pw->pw_uid);
-		setegid(pw->pw_gid);
 		/*
 		 * If we were to lstat() here, it would do no good, since it
 		 * would introduce a race condition and could be defeated.
@@ -592,9 +595,9 @@ ident_stream(s, sep)		/* Ident service (
 		 * and if it's not a regular file, we close it and end up
 		 * returning the user's real username.
 		 */
-		fakeid = fopen(p, "r");
+		fakeid_fd = open(p, O_RDONLY | O_NONBLOCK);
 		free(p);
-		if (fakeid != NULL &&
+		if ((fakeid = fdopen(fakeid_fd, "r")) != NULL &&
 		    fstat(fileno(fakeid), &sb) != -1 && S_ISREG(sb.st_mode)) {
 			buf[sizeof(buf) - 1] = '\0';
 			if (fgets(buf, sizeof(buf), fakeid) == NULL) {
@@ -605,7 +608,7 @@ ident_stream(s, sep)		/* Ident service (
 			fclose(fakeid);
 			/*
 			 * Usually, the file will have the desired identity
-			 * in the form "identity\n", so we use strtok() to
+			 * in the form "identity\n", so we use strcspn() to
 			 * end the string (which fgets() doesn't do.)
 			 */
 			buf[strcspn(buf, "\r\n")] = '\0';
@@ -624,10 +627,16 @@ ident_stream(s, sep)		/* Ident service (
 			 * we will return their real identity instead.
 			 */
 			
-			if (!*cp || getpwnam(cp))
-				cp = getpwuid(uc.cr_uid)->pw_name;
+			if (!*cp || getpwnam(cp)) {
+				pw = getpwuid(uc.cr_uid);
+				if (pw == NULL)
+					iderror(lport, fport, s, errno);
+				cp = pw->pw_name;
+			}
 		} else
 			cp = pw->pw_name;
+		if (fakeid_fd != -1)
+			close(fakeid_fd);
 	} else if (!usedfallback)
 		cp = pw->pw_name;
 	else