Up to [local] / src / usr.bin / login
Request diff between arbitrary revisions
Default branch: MAIN
Current tag: OPENBSD_6_6
Revision 1.71.2.1 / (download) - annotate - [select for diffs], Wed Dec 4 09:52:22 2019 UTC (4 years, 6 months ago) by deraadt
Branch: OPENBSD_6_6
Changes since 1.71: +9 -4 lines
Diff to previous 1.71 (colored) next main 1.72 (colored)
This is 6.6/010_libcauth.patch.sig libc's authentication privsep layer performed insufficient username validation. Repair work mostly by markus and millert, first of all solving the primary problem, then adding some additional validation points. And then futher validation in login and su. Reported by Qualys
Revision 1.71 / (download) - annotate - [select for diffs], Fri Jun 28 13:35:01 2019 UTC (4 years, 11 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE
Branch point for: OPENBSD_6_6
Changes since 1.70: +6 -6 lines
Diff to previous 1.70 (colored)
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.