From ba688fa510d576d8d64ef75fcb117896a5f3a408 Mon Sep 17 00:00:00 2001 From: Assar Westerlund Date: Sun, 10 Dec 2000 20:50:20 +0000 Subject: [PATCH] (scrub_env): change to only accept a listed set of variables, including only non-filename contents for TERMCAP --- contrib/telnet/telnetd/sys_term.c | 60 +++++++++++++++++++------------ crypto/telnet/telnetd/sys_term.c | 60 +++++++++++++++++++------------ libexec/telnetd/sys_term.c | 60 +++++++++++++++++++------------ 3 files changed, 111 insertions(+), 69 deletions(-) diff --git a/contrib/telnet/telnetd/sys_term.c b/contrib/telnet/telnetd/sys_term.c index 5e28390359c..7d0811fb235 100644 --- a/contrib/telnet/telnetd/sys_term.c +++ b/contrib/telnet/telnetd/sys_term.c @@ -1839,34 +1839,48 @@ addarg(argv, val) /* * scrub_env() * - * Remove a few things from the environment that - * don't need to be there. + * We only accept the environment variables listed below. */ void scrub_env() { - register char **cpp, **cpp2; + static const char *reject[] = { + "TERMCAP=/", + NULL + }; - for (cpp2 = cpp = environ; *cpp; cpp++) { -#ifdef __FreeBSD__ - if (strncmp(*cpp, "LD_LIBRARY_PATH=", 16) && - strncmp(*cpp, "LD_PRELOAD=", 11) && -#else - if (strncmp(*cpp, "LD_", 3) && - strncmp(*cpp, "_RLD_", 5) && - strncmp(*cpp, "LIBPATH=", 8) && -#endif - strncmp(*cpp, "LOCALDOMAIN=", 12) && - strncmp(*cpp, "RES_OPTIONS=", 12) && - strncmp(*cpp, "TERMINFO=", 9) && - strncmp(*cpp, "TERMINFO_DIRS=", 14) && - strncmp(*cpp, "TERMPATH=", 9) && - strncmp(*cpp, "TERMCAP=/", 9) && - strncmp(*cpp, "ENV=", 4) && - strncmp(*cpp, "IFS=", 4)) - *cpp2++ = *cpp; - } - *cpp2 = 0; + static const char *accept[] = { + "XAUTH=", "XAUTHORITY=", "DISPLAY=", + "TERM=", + "EDITOR=", + "PAGER=", + "LOGNAME=", + "POSIXLY_CORRECT=", + "PRINTER=", + NULL + }; + + char **cpp, **cpp2; + const char **p; + + for (cpp2 = cpp = environ; *cpp; cpp++) { + int reject_it = 0; + + for(p = reject; *p; p++) + if(strncmp(*cpp, *p, strlen(*p)) == 0) { + reject_it = 1; + break; + } + if (reject_it) + continue; + + for(p = accept; *p; p++) + if(strncmp(*cpp, *p, strlen(*p)) == 0) + break; + if(*p != NULL) + *cpp2++ = *cpp; + } + *cpp2 = NULL; } /* diff --git a/crypto/telnet/telnetd/sys_term.c b/crypto/telnet/telnetd/sys_term.c index 5e28390359c..7d0811fb235 100644 --- a/crypto/telnet/telnetd/sys_term.c +++ b/crypto/telnet/telnetd/sys_term.c @@ -1839,34 +1839,48 @@ addarg(argv, val) /* * scrub_env() * - * Remove a few things from the environment that - * don't need to be there. + * We only accept the environment variables listed below. */ void scrub_env() { - register char **cpp, **cpp2; + static const char *reject[] = { + "TERMCAP=/", + NULL + }; - for (cpp2 = cpp = environ; *cpp; cpp++) { -#ifdef __FreeBSD__ - if (strncmp(*cpp, "LD_LIBRARY_PATH=", 16) && - strncmp(*cpp, "LD_PRELOAD=", 11) && -#else - if (strncmp(*cpp, "LD_", 3) && - strncmp(*cpp, "_RLD_", 5) && - strncmp(*cpp, "LIBPATH=", 8) && -#endif - strncmp(*cpp, "LOCALDOMAIN=", 12) && - strncmp(*cpp, "RES_OPTIONS=", 12) && - strncmp(*cpp, "TERMINFO=", 9) && - strncmp(*cpp, "TERMINFO_DIRS=", 14) && - strncmp(*cpp, "TERMPATH=", 9) && - strncmp(*cpp, "TERMCAP=/", 9) && - strncmp(*cpp, "ENV=", 4) && - strncmp(*cpp, "IFS=", 4)) - *cpp2++ = *cpp; - } - *cpp2 = 0; + static const char *accept[] = { + "XAUTH=", "XAUTHORITY=", "DISPLAY=", + "TERM=", + "EDITOR=", + "PAGER=", + "LOGNAME=", + "POSIXLY_CORRECT=", + "PRINTER=", + NULL + }; + + char **cpp, **cpp2; + const char **p; + + for (cpp2 = cpp = environ; *cpp; cpp++) { + int reject_it = 0; + + for(p = reject; *p; p++) + if(strncmp(*cpp, *p, strlen(*p)) == 0) { + reject_it = 1; + break; + } + if (reject_it) + continue; + + for(p = accept; *p; p++) + if(strncmp(*cpp, *p, strlen(*p)) == 0) + break; + if(*p != NULL) + *cpp2++ = *cpp; + } + *cpp2 = NULL; } /* diff --git a/libexec/telnetd/sys_term.c b/libexec/telnetd/sys_term.c index b1ca5c4da61..63b6ede5fec 100644 --- a/libexec/telnetd/sys_term.c +++ b/libexec/telnetd/sys_term.c @@ -1780,34 +1780,48 @@ addarg(argv, val) /* * scrub_env() * - * Remove a few things from the environment that - * don't need to be there. + * We only accept the environment variables listed below. */ void scrub_env() { - register char **cpp, **cpp2; + static const char *reject[] = { + "TERMCAP=/", + NULL + }; - for (cpp2 = cpp = environ; *cpp; cpp++) { -#ifdef __FreeBSD__ - if (strncmp(*cpp, "LD_LIBRARY_PATH=", 16) && - strncmp(*cpp, "LD_PRELOAD=", 11) && -#else - if (strncmp(*cpp, "LD_", 3) && - strncmp(*cpp, "_RLD_", 5) && - strncmp(*cpp, "LIBPATH=", 8) && -#endif - strncmp(*cpp, "LOCALDOMAIN=", 12) && - strncmp(*cpp, "RES_OPTIONS=", 12) && - strncmp(*cpp, "TERMINFO=", 9) && - strncmp(*cpp, "TERMINFO_DIRS=", 14) && - strncmp(*cpp, "TERMPATH=", 9) && - strncmp(*cpp, "TERMCAP=/", 9) && - strncmp(*cpp, "ENV=", 4) && - strncmp(*cpp, "IFS=", 4)) - *cpp2++ = *cpp; - } - *cpp2 = 0; + static const char *accept[] = { + "XAUTH=", "XAUTHORITY=", "DISPLAY=", + "TERM=", + "EDITOR=", + "PAGER=", + "LOGNAME=", + "POSIXLY_CORRECT=", + "PRINTER=", + NULL + }; + + char **cpp, **cpp2; + const char **p; + + for (cpp2 = cpp = environ; *cpp; cpp++) { + int reject_it = 0; + + for(p = reject; *p; p++) + if(strncmp(*cpp, *p, strlen(*p)) == 0) { + reject_it = 1; + break; + } + if (reject_it) + continue; + + for(p = accept; *p; p++) + if(strncmp(*cpp, *p, strlen(*p)) == 0) + break; + if(*p != NULL) + *cpp2++ = *cpp; + } + *cpp2 = NULL; } /*