![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / usr.bin / login
Request diff between arbitrary revisions
Default branch: MAIN
Current tag: OPENBSD_6_5
Revision 1.70.4.1 / (download) - annotate - [select for diffs], Wed Dec 4 09:51:49 2019 UTC (4 years, 6 months ago) by deraadt
Branch: OPENBSD_6_5
Changes since 1.70: +9 -4 lines
Diff to previous 1.70 (colored) next main 1.71 (colored)
This is 6.5/021_libcauth.patch.sig libc's authentication privsep layer performed insufficient username validation. Repair work mostly by markus and millert, first of all solving the primary problem, then adding some additional validation points. And then futher validation in login and su. Reported by Qualys
Revision 1.70 / (download) - annotate - [select for diffs], Wed Aug 15 19:38:47 2018 UTC (5 years, 9 months ago) by fcambus
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE,
OPENBSD_6_4_BASE,
OPENBSD_6_4
Branch point for: OPENBSD_6_5
Changes since 1.69: +3 -4 lines
Diff to previous 1.69 (colored)
Remove dead assignment in login(1). Since rev 1.36, the instance variable is never read again so we can simply drop the else clause with the assignment. While there, also drop the useless increment, as pointed out by tom@. OK deraadt@ (previous version), millert@, tom@