From owner-cvs-lib  Sun Jul 16 11:55:42 1995
Return-Path: cvs-lib-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id LAA04367
          for cvs-lib-outgoing; Sun, 16 Jul 1995 11:55:42 -0700
Received: from gndrsh.aac.dev.com (gndrsh.aac.dev.com [198.145.92.241])
          by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id LAA04357
          ; Sun, 16 Jul 1995 11:55:30 -0700
Received: (from rgrimes@localhost) by gndrsh.aac.dev.com (8.6.11/8.6.9) id LAA09011; Sun, 16 Jul 1995 11:55:12 -0700
From: "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com>
Message-Id: <199507161855.LAA09011@gndrsh.aac.dev.com>
Subject: Re: cvs commit: src/lib/libc/net rcmd.c
To: peter@freefall.cdrom.com (Peter Wemm)
Date: Sun, 16 Jul 1995 11:55:12 -0700 (PDT)
Cc: CVS-commiters@freefall.cdrom.com, cvs-lib@freefall.cdrom.com
In-Reply-To: <199507161704.KAA00740@freefall.cdrom.com> from "Peter Wemm" at Jul 16, 95 10:04:08 am
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 617       
Sender: cvs-lib-owner@freebsd.org
Precedence: bulk

> 
> peter       95/07/16 10:04:04
> 
>   Modified:    lib/libc/net  rcmd.c
>   Log:
>   Slight adjustment to previous fix for __ivaliduser().  It was checking for
>   the comment before checking for long lines, so there was a possibility
>   that the wrap-around might be used as an exploitable hostname.

rcmd.c is security related code, please have changes reviewed by 1 or 2
others to prevent this type of mistake.  Thanks for spotting and fixing
this one!


-- 
Rod Grimes                                      rgrimes@gndrsh.aac.dev.com
Accurate Automation Company                 Reliable computers for FreeBSD