Up to [local] / src / usr.bin / login
Request diff between arbitrary revisions
Default branch: MAIN
Current tag: OPENBSD_6_9
Revision 1.72 / (download) - annotate - [select for diffs], Wed Dec 4 09:51:07 2019 UTC (4 years, 5 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE,
OPENBSD_7_0,
OPENBSD_6_9_BASE,
OPENBSD_6_9,
OPENBSD_6_8_BASE,
OPENBSD_6_8,
OPENBSD_6_7_BASE,
OPENBSD_6_7
Changes since 1.71: +9 -4 lines
Diff to previous 1.71 (colored)
libc's authentication privsep layer performed insufficient username validation. Repair work mostly by markus and millert, first of all solving the primary problem, then adding some additional validation points. And then futher validation in login and su. This will be 6.5/021_libcauth.patch.sig and 6.6/010_libcauth.patch.sig Reported by Qualys