Index: crypto/kerberosIV/lib/krb/tf_util.c =================================================================== RCS file: /mnt/ncvs/src/crypto/kerberosIV/lib/krb/tf_util.c,v retrieving revision 1.1.1.3 retrieving revision 1.1.1.3.2.1 diff -u -u -r1.1.1.3 -r1.1.1.3.2.1 --- crypto/kerberosIV/lib/krb/tf_util.c 2000/01/09 08:29:11 1.1.1.3 +++ crypto/kerberosIV/lib/krb/tf_util.c 2000/12/12 03:07:56 1.1.1.3.2.1 @@ -249,20 +249,6 @@ int tf_create(char *tf_name) { - struct stat statbuf; - char garbage[BUFSIZ]; - - fd = open(tf_name, O_RDWR | O_BINARY, 0); - if (fd >= 0) { - if (fstat (fd, &statbuf) == 0) { - int i; - - for (i = 0; i < statbuf.st_size; i += sizeof(garbage)) - write (fd, garbage, sizeof(garbage)); - } - close (fd); - } - if (unlink (tf_name) && errno != ENOENT) return TKT_FIL_ACC; Index: crypto/kerberosIV/lib/krb/kdc_reply.c =================================================================== RCS file: /mnt/ncvs/src/crypto/kerberosIV/lib/krb/kdc_reply.c,v retrieving revision 1.1.1.3 retrieving revision 1.1.1.3.2.1 diff -u -u -r1.1.1.3 -r1.1.1.3.2.1 --- crypto/kerberosIV/lib/krb/kdc_reply.c 2000/01/09 08:28:38 1.1.1.3 +++ crypto/kerberosIV/lib/krb/kdc_reply.c 2000/12/12 03:07:17 1.1.1.3.2.1 @@ -121,6 +121,9 @@ p += krb_get_int(p, &exp_date, 4, little_endian); p++; /* master key version number */ p += krb_get_int(p, &clen, 2, little_endian); + if (reply->length - (p - reply->dat) < clen) + return INTK_PROT; + cip->length = clen; memcpy(cip->dat, p, clen); p += clen; Index: crypto/kerberosIV/lib/krb/extra.c =================================================================== RCS file: /mnt/ncvs/src/crypto/kerberosIV/lib/krb/extra.c,v retrieving revision 1.1.1.2 retrieving revision 1.1.1.2.2.1 diff -u -u -r1.1.1.2 -r1.1.1.2.2.1 --- crypto/kerberosIV/lib/krb/extra.c 2000/01/09 08:28:26 1.1.1.2 +++ crypto/kerberosIV/lib/krb/extra.c 2000/12/12 03:06:34 1.1.1.2.2.1 @@ -70,30 +70,6 @@ #ifndef WIN32 -struct obsolete { - const char *from; - const char *to; -} obsolete [] = { - { "KDC_TIMESYNC", "kdc_timesync" }, - { "KRB_REVERSE_DIRECTION", "reverse_lsb_test"}, - { "krb4_proxy", "krb4_proxy"}, - { NULL, NULL } -}; - -static void -check_obsolete(void) -{ - struct obsolete *r; - for(r = obsolete; r->from; r++) { - if(getenv(r->from)) { - krb_warning("The environment variable `%s' is obsolete;\n" - "set `%s' in your `krb.extra' file instead\n", - r->from, r->to); - define_variable(r->to, getenv(r->from)); - } - } -} - static int read_extra_file(void) { @@ -103,7 +79,6 @@ if(_krb_extra_read) return 0; _krb_extra_read = 1; - check_obsolete(); while(krb_get_krbextra(i++, file, sizeof(file)) == 0) { FILE *f = fopen(file, "r"); if(f == NULL) Index: libexec/telnetd/sys_term.c =================================================================== RCS file: /mnt/ncvs/src/libexec/telnetd/sys_term.c,v retrieving revision 1.24.2.3 retrieving revision 1.24.2.4 diff -u -u -r1.24.2.3 -r1.24.2.4 --- libexec/telnetd/sys_term.c 2000/12/11 01:03:23 1.24.2.3 +++ libexec/telnetd/sys_term.c 2000/12/12 03:10:49 1.24.2.4 @@ -1780,34 +1780,48 @@ /* * scrub_env() * - * Remove a few things from the environment that - * don't need to be there. + * We only accept the environment variables listed below. */ void scrub_env() { - register char **cpp, **cpp2; + static const char *reject[] = { + "TERMCAP=/", + NULL + }; - for (cpp2 = cpp = environ; *cpp; cpp++) { -#ifdef __FreeBSD__ - if (strncmp(*cpp, "LD_LIBRARY_PATH=", 16) && - strncmp(*cpp, "LD_PRELOAD=", 11) && -#else - if (strncmp(*cpp, "LD_", 3) && - strncmp(*cpp, "_RLD_", 5) && - strncmp(*cpp, "LIBPATH=", 8) && -#endif - strncmp(*cpp, "LOCALDOMAIN=", 12) && - strncmp(*cpp, "RES_OPTIONS=", 12) && - strncmp(*cpp, "TERMINFO=", 9) && - strncmp(*cpp, "TERMINFO_DIRS=", 14) && - strncmp(*cpp, "TERMPATH=", 9) && - strncmp(*cpp, "TERMCAP=/", 9) && - strncmp(*cpp, "ENV=", 4) && - strncmp(*cpp, "IFS=", 4)) - *cpp2++ = *cpp; - } - *cpp2 = 0; + static const char *accept[] = { + "XAUTH=", "XAUTHORITY=", "DISPLAY=", + "TERM=", + "EDITOR=", + "PAGER=", + "LOGNAME=", + "POSIXLY_CORRECT=", + "PRINTER=", + NULL + }; + + char **cpp, **cpp2; + const char **p; + + for (cpp2 = cpp = environ; *cpp; cpp++) { + int reject_it = 0; + + for(p = reject; *p; p++) + if(strncmp(*cpp, *p, strlen(*p)) == 0) { + reject_it = 1; + break; + } + if (reject_it) + continue; + + for(p = accept; *p; p++) + if(strncmp(*cpp, *p, strlen(*p)) == 0) + break; + if(*p != NULL) + *cpp2++ = *cpp; + } + *cpp2 = NULL; } /* Index: crypto/telnet/telnetd/sys_term.c =================================================================== RCS file: /mnt/ncvs/src/crypto/telnet/telnetd/sys_term.c,v retrieving revision 1.7.2.2 retrieving revision 1.7.2.3 diff -u -u -r1.7.2.2 -r1.7.2.3 --- crypto/telnet/telnetd/sys_term.c 2000/12/10 20:27:54 1.7.2.2 +++ crypto/telnet/telnetd/sys_term.c 2000/12/12 03:09:35 1.7.2.3 @@ -1839,27 +1839,48 @@ /* * scrub_env() * - * Remove a few things from the environment that - * don't need to be there. + * We only accept the environment variables listed below. */ void scrub_env() { - register char **cpp, **cpp2; + static const char *reject[] = { + "TERMCAP=/", + NULL + }; - for (cpp2 = cpp = environ; *cpp; cpp++) { -#ifdef __FreeBSD__ - if (strncmp(*cpp, "LD_LIBRARY_PATH=", 16) && - strncmp(*cpp, "LD_PRELOAD=", 11) && -#else - if (strncmp(*cpp, "LD_", 3) && - strncmp(*cpp, "_RLD_", 5) && - strncmp(*cpp, "LIBPATH=", 8) && -#endif - strncmp(*cpp, "IFS=", 4)) - *cpp2++ = *cpp; - } - *cpp2 = 0; + static const char *accept[] = { + "XAUTH=", "XAUTHORITY=", "DISPLAY=", + "TERM=", + "EDITOR=", + "PAGER=", + "LOGNAME=", + "POSIXLY_CORRECT=", + "PRINTER=", + NULL + }; + + char **cpp, **cpp2; + const char **p; + + for (cpp2 = cpp = environ; *cpp; cpp++) { + int reject_it = 0; + + for(p = reject; *p; p++) + if(strncmp(*cpp, *p, strlen(*p)) == 0) { + reject_it = 1; + break; + } + if (reject_it) + continue; + + for(p = accept; *p; p++) + if(strncmp(*cpp, *p, strlen(*p)) == 0) + break; + if(*p != NULL) + *cpp2++ = *cpp; + } + *cpp2 = NULL; } /*